Trojan.Win32.Alureon_bec2c7f139 – Adaware

HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.Win32.Alureon.FD, Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Trojan

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: bec2c7f1395083aef6948e1ba118cfaf

SHA1: 475cd88c6c1d582a15f6900182f911708a668d61

SHA256: e31705ac21d687b1380aa69fcfe69e00fca4927cee26ad9e4dc84a4ef5c35c38

SSDeep: 3072:GHlSRC9Z/ejxn37BU86VLKyOGXWSl1xh10TPHP 5dJ/5qw4wknY:clSRC9ZeJBU8ULUKk7S5q1xY

Size: 152059 bytes

File type: EXE

Platform: WIN32

Entropy: Packed

PEID: UPolyXv05_v6, MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171

Company: WinterSoft

Created at: 2011-01-31 19:44:13

Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

desktopy-plugins.exe:1728
amt_dosearches.exe:1476
ctfmon.exe:536
Updater.exe:1184
Updater.exe:888
dp.exe:2456
software__3470_il4326946.exe:972
DealPlyUpdateVer.exe:3440
Baofeng.exe:752
Baofeng.exe:2268
eGdpSvc.exe:2536
eGdpSvc.exe:2424
fileseta.exe:604
DealPlyLive.exe:2276
DealPlyLive.exe:3660
DealPlyLive.exe:2228
DealPlyLive.exe:3104
DealPlyLive.exe:3124
DealPlyLive.exe:3004
DealPlyLive.exe:3524
DealPlyLive.exe:3312
schtasks.exe:3400
schtasks.exe:3372
iexplore.exe:1412
desktopy_1.exe:1068
uninst.exe:2548
regsvr32.exe:2604
regsvr32.exe:2700
msiexec.exe:2480
%original file name%.exe:1980

The Trojan injects its code into the following process(es):

eGdpSvc.exe:2596
desktopy.exe:572

File activity

The process desktopy-plugins.exe:1728 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Program Files%\desktopy\uninstall.exe (47270 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Opera\Opera\widgets\widgets.dat (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Opera\Opera\widgets\desktopy.oex (992 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Opera\Opera\widgets\nszD.tmp (516 bytes)
C:\sqlite3.dll (597460 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyC.tmp\System.dll (11264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyC.tmp\Processes.dll (36669 bytes)
C:\desktopyHelper.exe (120899 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\opera.patch.txt (365 bytes)
C:\xromDesk.exe (633607 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Opera\Opera\widgets\wuid-7a532543-ed74-7a4b-be21-84042bfde73b\prefs.dat (486 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\Opera\Opera\widgets\widgets.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyC.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyC.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyC.tmp\Processes.dll (0 bytes)
C:\xromDesk.exe (0 bytes)

The process amt_dosearches.exe:1476 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\UpDate.dll (109056 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\conf (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\1.1.7.8.crx (430850 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\eGdpSvc.exe (1771688 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\DataBase (1174544 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\amt_dosearches.json (288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp (2478080 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\package1.zip (3666594 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\amt_dosearches.db (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\Baofeng.exe (132992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\ep.zip (55601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\package2.zip (4483456 bytes)

The process Updater.exe:1184 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\rfsE.tmp (1 bytes)
%Documents and Settings%\%current user%\Application Data\SwvUpdater\Updater.exe (291880 bytes)
%Documents and Settings%\%current user%\Application Data\SwvUpdater\Updater.xml (6311 bytes)
%WinDir%\Tasks\AmiUpdXp.job (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rfsF.tmp (48 bytes)
%Documents and Settings%\%current user%\Application Data\SwvUpdater (4096 bytes)

The process dp.exe:2456 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\images\icon128.png (11786 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crxls\chrome-extension_ejnmnhkgiphcaeefbaooconkceehicfi_0.localstorage (3072 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\defaults\preferences\defaults.js (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\manifest.json (710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyIE.dll (165920 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\images\icon16.png (998 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome.manifest (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyUpdate.exe (143960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\o-update\DealPlyLive.exe (718880 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\install.rdf (1036 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPly.crx (51066 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\uninst.exe (958464 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\background.js (94750 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\icon.ico (15086 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\images\icon48.png (3885 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome\content\images\icon32.png (2465 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPly.xpi (4126 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyUpdateVer.exe (174136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome\content\dealplyshopping.xul (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyUpdateRun.exe (130744 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome.manifest (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome\content\images (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\defaults\preferences\defaults.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\images\icon16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\defaults\preferences (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\o-update\DealPlyLive.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\install.rdf (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\defaults (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPly.xpi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome\content (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crxls (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\defaults (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\defaults\preferences\defaults.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\o-update (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\uninst.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyUpdate.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyIE.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content\images\icon32.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome.manifest (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\icon.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crxls\chrome-extension_ejnmnhkgiphcaeefbaooconkceehicfi_0.localstorage (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome\content\dealplyshopping.xul (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyUpdateRun.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\install.rdf (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\defaults\preferences (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content\dealplyshopping.xul (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content\images (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPly.crx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\images\icon48.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome\content\images\icon32.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\images\icon128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyIE64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\images (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\background.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyUpdateVer.exe (0 bytes)

The process software__3470_il4326946.exe:972 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awh5.tmp (305132 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\amipixel.cfg (103 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awh6.tmp (463568 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awh3.tmp (3071721 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\X7VALIDZ\index[1].htm (16431 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ami2.tmp.ico (766 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awh4.tmp (250644 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\R5BRBDUV\desktop.ini (67 bytes)
D:\Jason_Derulo_ft._2_Chainz_-_Talk_Dirty_(get-tune.net).mp3 (2998641 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\R5BRBDUV\amipb[1].js (31191 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\X7VALIDZ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awh7.tmp (1544092 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\ami2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Updater.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ami2.tmp.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Jason_Derulo_ft._2_Chainz_-_Talk_Dirty_(get-tune.net).mp3 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dp.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\desktopy_1.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\amt_dosearches.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\amipixel.cfg (0 bytes)

The process Baofeng.exe:752 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\UpDate.dll (92672 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\1.1.7.8.crx (414466 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\Baofeng.exe (116608 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Ãâ€”ÃÂ°ÃÂ¿Ã‘Æ’Ã‘ÂÃ‘â€šÃÂ¸Ã‘â€šÃ‘Å’ ÃÂ¾ÃÂ±ÃÂ¾ÃÂ·Ã‘â‚¬ÃÂµÃÂ²ÃÂ°Ã‘â€šÃÂµÃÂ»Ã‘Å’ Internet Explorer.lnk (1011 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\amt_dosearches.json (288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\conf (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\DataBase (1125392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\package1.zip (1392290 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\ep.zip (39217 bytes)
%Documents and Settings%\%current user%\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹\Internet Explorer.lnk (999 bytes)

The process Baofeng.exe:2268 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\amt_dosearches.db (4185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\eGdpSvc.exe (3414168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp (8192 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\amt_dosearches.db (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\eGdpSvc.exe (0 bytes)

The process eGdpSvc.exe:2536 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\eSafe\log\eGdpSvc.LOG (670 bytes)

The process eGdpSvc.exe:2596 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\eSafe\log\eGdpSvc.LOG (1130 bytes)

The process eGdpSvc.exe:2424 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\eSafe\eGdpSvc.exe (3414168 bytes)
%Documents and Settings%\All Users\Application Data\eSafe (4096 bytes)

The process fileseta.exe:604 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\genteert.dll (61440 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee0C\guig.dll (20480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pause-fsa.cmd (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee0C\setup_temp.gea (10336 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\genteert.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fileseta.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee0C\guig.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee0C (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pause-fsa.cmd (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee0C.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee0C\setup_temp.gea (0 bytes)
C:\BEC2C7F1395083AEF6948E1BA118CFAF.EXE (0 bytes)

The process DealPlyLive.exe:2276 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\DealPlyLive\Update\Log\DealPlyLive.log (1104 bytes)

The process DealPlyLive.exe:3660 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\Cab14.tmp (48483 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe (148000 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_lv.dll (32288 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_bg.dll (40992 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_en.dll (29216 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_nl.dll (31776 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\psuser.dll (158240 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\B69D763EB21649DA26F20618312DEE70 (128 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ja.dll (36896 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\3B6E683A7A45CC59BF035C9BA8C7AB9D (132 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\psmachine.dll (158240 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe (61984 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (241696 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (18 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ur.dll (37408 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_iw.dll (33312 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_vi.dll (33312 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_am.dll (35360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar13.tmp (146652 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_gu.dll (46112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab16.tmp (54009 bytes)
%Documents and Settings%\All Users\Application Data\DealPlyLive\Update\Log\DealPlyLive.log (5426 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_is.dll (31264 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\1F356F4D07FE8C483E769E4586569404 (126 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_fil.dll (31776 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ml.dll (55328 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_sr.dll (39456 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe (148000 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_te.dll (48160 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_et.dll (29728 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_it.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab12.tmp (48483 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (54009 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_fr.dll (32800 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_hi.dll (46624 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_en-GB.dll (29728 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_zh-CN.dll (29216 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_th.dll (46112 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_sw.dll (31264 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll (818208 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_hr.dll (31264 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\1F356F4D07FE8C483E769E4586569404 (53259 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveHelper.msi (40960 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA (477 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\3B6E683A7A45CC59BF035C9BA8C7AB9D (494 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_cs.dll (31264 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB (341 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\B69D763EB21649DA26F20618312DEE70 (75433 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ta.dll (50208 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_de.dll (32800 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_mr.dll (46112 bytes)
%WinDir%\Tasks\DealPlyLiveUpdateTaskMachineCore.job (886 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_pl.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar15.tmp (146652 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_sk.dll (32288 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_da.dll (30752 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_fi.dll (31264 bytes)
%Program Files%\DealPlyLive\Update\DealPlyLive.exe (148000 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_kn.dll (48672 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_no.dll (31264 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_fa.dll (36384 bytes)
%WinDir%\Tasks\DealPlyLiveUpdateTaskMachineUA.job (890 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ca.dll (31776 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ar.dll (34336 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_hu.dll (32800 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_es-419.dll (30752 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ms.dll (30240 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_uk.dll (38432 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_id.dll (30240 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ko.dll (32800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar17.tmp (160255 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_el.dll (42528 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_zh-TW.dll (29216 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_pt-BR.dll (31264 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_bn.dll (46624 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ro.dll (32288 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (216 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll (38432 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (216 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_pt-PT.dll (31264 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA (116 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_tr.dll (31776 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_sv.dll (30752 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_es.dll (32800 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB (122 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_sl.dll (31264 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe (61984 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_lt.dll (30752 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\Tar13.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar15.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab14.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab16.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab12.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar17.tmp (0 bytes)

The process DealPlyLive.exe:2228 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\DealPlyLive\Update\Log\DealPlyLive.log (5578 bytes)

The process DealPlyLive.exe:3104 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\DealPlyLive\Update\Log\DealPlyLive.log (5474 bytes)

The process DealPlyLive.exe:3124 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\DealPlyLive\Update\Log\DealPlyLive.log (2878 bytes)

The process DealPlyLive.exe:3004 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\DealPlyLive\Update\Log\DealPlyLive.log (1222 bytes)

The process DealPlyLive.exe:3524 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_pt-BR.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_it.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ro.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_iw.dll (33312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveHandler.exe (148000 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_bg.dll (40992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\npGoogleUpdate3.dll (241696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sl.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_id.dll (30240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_de.dll (32800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sv.dll (30752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_lv.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_hi.dll (46624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_el.dll (42528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ko.dll (32800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_hu.dll (32800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_cs.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sr.dll (39456 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_gu.dll (46112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUT11.tmp (7520256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ms.dll (30240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fa.dll (36384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_da.dll (30752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\psuser.dll (158240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_et.dll (29728 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_bn.dll (46624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sw.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_uk.dll (38432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ru.dll (38432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_am.dll (35360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ta.dll (50208 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_tr.dll (31776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_te.dll (48160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ml.dll (55328 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_lt.dll (30752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_no.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_en.dll (29216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\psmachine.dll (158240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_pt-PT.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ur.dll (37408 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ja.dll (36896 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_hr.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_en-GB.dll (29728 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_is.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_mr.dll (46112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sk.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ar.dll (34336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveOnDemand.exe (61984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveBroker.exe (61984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLive.exe (148000 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_kn.dll (48672 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_vi.dll (33312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_zh-CN.dll (29216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_th.dll (46112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fr.dll (32800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_pl.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fi.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_nl.dll (31776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_zh-TW.dll (29216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ca.dll (31776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveHelper.msi (40960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fil.dll (31776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_es-419.dll (30752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdate.dll (1342496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_es.dll (32800 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_pt-BR.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_it.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ro.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_iw.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveHandler.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_bg.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\npGoogleUpdate3.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_id.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_de.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sv.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_lv.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_hi.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_el.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ko.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_hu.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_cs.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_gu.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUT11.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ms.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fa.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_da.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\psuser.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_et.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_bn.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sw.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_uk.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ru.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_am.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ta.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_tr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_te.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ml.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_lt.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_no.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_en.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\psmachine.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_pt-PT.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ur.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ja.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_hr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_es.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_is.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_mr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sk.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ar.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveOnDemand.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveBroker.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLive.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_kn.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_vi.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_zh-CN.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_th.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_pl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fi.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_nl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_zh-TW.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ca.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveHelper.msi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fil.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_es-419.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdate.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_en-GB.dll (0 bytes)

The process DealPlyLive.exe:3312 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\DealPlyLive\Update\Log\DealPlyLive.log (3818 bytes)

The Trojan deletes the following file(s):

%Program Files%\DealPlyLive\Update\Install (0 bytes)

The process schtasks.exe:3400 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%WinDir%\Tasks\DealPlyUpdate.job (288 bytes)

The process iexplore.exe:1412 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Cookies\test@desktopy[2].txt (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XWHK1GPI\green_arrow[1].png (1017 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XWHK1GPI\logo_huge[1].png (22860 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\X7VALIDZ\setiecookie[1].htm (2624 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013111120131112\index.dat (32768 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (24576 bytes)
%Documents and Settings%\%current user%\Cookies\test@desktopy[1].txt (69 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\R5BRBDUV\setcook[1].css (859 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OEBBOQ59\success_01[1].jpg (43768 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OEBBOQ59\success_02[1].jpg (64525 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013093020131001 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013093020131001\index.dat (0 bytes)
%Documents and Settings%\%current user%\Cookies\test@desktopy[1].txt (0 bytes)

The process desktopy_1.exe:1068 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsm9.tmp (399709 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XWHK1GPI\desktopy-plugins[1].exe (761152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscA.tmp\System.dll (11264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OEBBOQ59\desktopy[1].exe (827392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XWHK1GPI\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscA.tmp\inetc.dll (25600 bytes)
%Documents and Settings%\%current user%\Application Data\desktopy.ru\desktopy-plugins.exe (761152 bytes)
%Documents and Settings%\%current user%\Application Data\desktopy.ru\uninstall.exe (106170 bytes)
%Documents and Settings%\%current user%\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹\desktopy.ru\desktopy.lnk (878 bytes)
%Documents and Settings%\%current user%\Application Data\desktopy.ru\desktopy.exe (827392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OEBBOQ59\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»\desktopy.lnk (767 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscA.tmp\ShellExecAsUser.dll (7168 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsh8.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscA.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscA.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscA.tmp\inetc.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\desktopy.ru\desktopy-plugins.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscA.tmp\ShellExecAsUser.dll (0 bytes)

The process uninst.exe:2548 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\DealPlyUpdateVer.exe (108600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome.manifest (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\manifest.json (710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content\images\icon32.png (2465 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\defaults\preferences\defaults.js (42 bytes)
%Program Files%\DealPly\DealPly.crx (51066 bytes)
%Program Files%\DealPly\DealPlyUpdateVer.exe (108600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\logs\uninst.log (2181 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\install.rdf (1036 bytes)
%Program Files%\DealPly\uninst.exe (892928 bytes)
%Program Files%\DealPly\DealPlyIE.dll (100384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content\dealplyshopping.xul (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\images\icon128.png (11786 bytes)
%Documents and Settings%\%current user%\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹\DealPly\DealPly Help.url (121 bytes)
%Program Files%\DealPly\DealPlyUpdate.exe (78424 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\background.js (94750 bytes)
%Program Files%\DealPly\icon.ico (15086 bytes)
%Program Files%\DealPly\DealPly.xpi (4126 bytes)
%Documents and Settings%\%current user%\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹\DealPly\Uninstall DealPly.lnk (527 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\images\icon16.png (998 bytes)
%Documents and Settings%\%current user%\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹\DealPly\DealPly.url (117 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\images\icon48.png (3885 bytes)
%Program Files%\DealPly\DealPlyUpdateRun.exe (92704 bytes)

The process msiexec.exe:2480 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%System%\config\SYSTEM (53248 bytes)
%System%\config\system.LOG (10240 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT.LOG (17920 bytes)
%WinDir%\Installer\6cfc25.msi (43520 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT (61440 bytes)
%WinDir%\Installer\6cfc28.ipi (22228 bytes)
%WinDir%\Installer\MSI18.tmp (1587 bytes)
%System%\config (28672 bytes)
%Documents and Settings%\%current user% (28672 bytes)
%WinDir%\Installer (12288 bytes)
%WinDir%\Installer\6cfc29.msi (73239 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ´ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾ÃÂ¸ Ã‘â‚¬ÃÂ¸Ã‘ÂÃ‘Æ’ÃÂ½ÃÂºÃÂ¸ (0 bytes)
%WinDir%\Installer\6cfc25.msi (0 bytes)
%Documents and Settings%\All Users\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹\ÃÂÃÂ´ÃÂ¼ÃÂ¸ÃÂ½ÃÂ¸Ã‘ÂÃ‘â€šÃ‘â‚¬ÃÂ¸Ã‘â‚¬ÃÂ¾ÃÂ²ÃÂ°ÃÂ½ÃÂ¸ÃÂµ (0 bytes)
%WinDir%\Installer\6cfc28.ipi (0 bytes)
D:\MSIcfc27.tmp (0 bytes)
%WinDir%\Installer\MSI18.tmp (0 bytes)
C:\MSIcfc26.tmp (0 bytes)

The process %original file name%.exe:1980 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\genteert.dll (61440 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee85\guig.dll (20480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\software__3470_il4326946.exe (371540 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fileseta.txt (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fileseta.exe (86191 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee85\setup_temp.gea (4386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pause-sf.cmd (42 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\gentee85\guig.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\genteert.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee85 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee85.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\software__3470_il4326946.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee85\setup_temp.gea (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pause-sf.cmd (0 bytes)

Registry activity

The process desktopy-plugins.exe:1728 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2F DA AC 22 DD 82 0C 5F 88 CC FB 43 F8 94 D7 10"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\desktopy]
"UninstallString" = "%Program Files%\desktopy\uninstall.exe"
"DisplayName" = "desktopy"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"

The process amt_dosearches.exe:1476 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65324"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ´ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65324"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\test\LOCALS~1\Temp\fullpackage_temp]
"Baofeng.exe" = "Ã¦Å¡Â´Ã©Â£Å½Ã¥Â½Â±Ã©Å¸Â³Ã¥Ââ€¡Ã§ÂºÂ§Ã§Â¨â€¹Ã¥ÂºÂ"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65324"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "58 41 E7 4A B6 EF 11 25 B7 07 35 F9 B2 1B 88 C0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65324"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process ctfmon.exe:536 makes changes in the system registry.

The Trojan deletes the following value(s) in system registry:

The Trojan disables automatic startup of the application by deleting the following autorun value:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"

The process Updater.exe:1184 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}]
"DisplayName" = "Software Version Updater"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ´ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Application Data\SwvUpdater]
"Updater.exe" = "Updater"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}]
"UninstallString" = "%Documents and Settings%\%current user%\Application Data\SwvUpdater\Updater.exe /uninstall"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}]
"InstallLocation" = "%Documents and Settings%\%current user%\Application Data\SwvUpdater"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}]
"DisplayVersion" = "1.1.3.8"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}]
"DisplayIcon" = "%Documents and Settings%\%current user%\Application Data\SwvUpdater\Updater.exe,0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 E1 8F 2A 88 C3 F2 E9 29 4B 66 CE 70 E0 3B BE"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\Updater\DEBUG]
"Trace Level" = ""

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}]
"NoModify" = "1"
"NoRepair" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\ESENT\Process\Updater\DEBUG]
"Trace Level"

The Trojan disables automatic startup of the application by deleting the following autorun value:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"SwvUpdtr"

The process Updater.exe:888 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}\TypeLib]
"(Default)" = "{A0EE0278-2986-4E5A-884E-A3BF0357E476}"

[HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}]
"(Default)" = "IAmiUpd"

[HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}]
"(Default)" = "AmiUpd Class"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}\1.0]
"(Default)" = "UpdaterLib"

[HKCR\Updater.AmiUpd\CurVer]
"(Default)" = "Updater.AmiUpd.1"

[HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}\VersionIndependentProgID]
"(Default)" = "Updater.AmiUpd"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}\1.0\0\win32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\SwvUpdater\Updater.exe"

[HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}\Version]
"(Default)" = "1.0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKCR\Updater.AmiUpd.1\CLSID]
"(Default)" = "{67BD9EEB-AA06-4329-A940-D250019300C9}"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}\LocalServer32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\SwvUpdater\Updater.exe"
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKCR\Updater.AmiUpd]
"(Default)" = "AmiUpd Class"

[HKCR\Updater.AmiUpd.1]
"(Default)" = "AmiUpd Class"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "90 91 76 DB 52 92 9B 83 D4 97 50 69 6C D6 E7 FB"

[HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}\TypeLib]
"(Default)" = "{A0EE0278-2986-4E5A-884E-A3BF0357E476}"

[HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}\1.0\HELPDIR]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\SwvUpdater"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}\LocalServer32]
"ServerExecutable" = "%Documents and Settings%\%current user%\Application Data\SwvUpdater\Updater.exe"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}\ProgID]
"(Default)" = "Updater.AmiUpd.1"

[HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

[HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}]
"AppID" = "{D360864B-312F-4EC7-B99C-B87B753C13A5}"

The process dp.exe:2456 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "25 B3 F4 1F B2 95 0E 6F DE A4 BA F1 29 DF BC F6"

The process software__3470_il4326946.exe:972 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\LocalServer32]
"(Default)" = "C:\DOCUME~1\test\LOCALS~1\Temp\software__3470_il4326946.exe"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\VersionIndependentProgID]
"(Default)" = "AmiBs.Installer"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\Version]
"(Default)" = "1.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65324"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\TypeLib]
"(Default)" = "{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}"

[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}]
"(Default)" = "Installer Class"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\test\LOCALS~1\Temp]
"desktopy_1.exe" = "desktopy_1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 2F 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
"TypesSupported" = "7"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ´ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\LocalServer32]
"ServerExecutable" = "C:\DOCUME~1\test\LOCALS~1\Temp\software__3470_il4326946.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKCR\AmiBs.Installer.1\CLSID]
"(Default)" = "{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}"

[HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0\0\win32]
"(Default)" = "C:\DOCUME~1\test\LOCALS~1\Temp\software__3470_il4326946.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCR\AmiBs.Installer]
"(Default)" = "Installer Class"

[HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0\HELPDIR]
"(Default)" = "C:\DOCUME~1\test\LOCALS~1\Temp"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}]
"(Default)" = "IBoot"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65324"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "software__3470_il4326946.exe"

[HKCR\AmiBs.Installer.1]
"(Default)" = "Installer Class"

[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\TypeLib]
"(Default)" = "{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}"

[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\ProgID]
"(Default)" = "AmiBs.Installer.1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1383940624"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\test\LOCALS~1\Temp]
"Updater.exe" = "Updater"
"dp.exe" = "DealPly"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EB 7F 2A 05 C0 CD FE 6A F9 29 39 29 C6 DA 86 41"

[HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0]
"(Default)" = "InstallerLib"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65324"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65324"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKCR\AmiBs.Installer\CurVer]
"(Default)" = "AmiBs.Installer.1"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\software__3470_il4326946\DEBUG]
"Trace Level" = ""

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\test\LOCALS~1\Temp]
"amt_dosearches.exe" = "Skytech Downloader"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following registry key(s):

[HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\TypeLib]
[HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\ProxyStubClsid]
[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\LocalServer32]
[HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}]
[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\Version]
[HKCR\AmiBs.Installer.1\CLSID]
[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\ProgID]
[HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0\0\win32]
[HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0\FLAGS]
[HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}]
[HKCR\AmiBs.Installer.1]
[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\TypeLib]
[HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\ProxyStubClsid32]
[HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0]
[HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0\0]
[HKCR\AmiBs.Installer]
[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\Programmable]
[HKCR\AmiBs.Installer\CurVer]
[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\VersionIndependentProgID]
[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}]
[HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0\HELPDIR]

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\ESENT\Process\software__3470_il4326946\DEBUG]
"Trace Level"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoConfigURL"

[HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\LocalServer32]
"ServerExecutable"

The process DealPlyUpdateVer.exe:3440 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3C 05 84 B2 49 0F 07 72 BE 66 CB 8E 46 DD 29 9E"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

The process Baofeng.exe:752 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Clients\StartMenuInternet\VMWAREHOSTOPEN.EXE\shell\open\command]
"(Default)" = "%Program Files%\VMware\VMware Tools\VMwareHostOpen.exe http://www.dosearches.com/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=sc&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Search Page" = "http://search.dosearches.com/web/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=ds&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328&type=default&q={searchTerms}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL" = "http://www.dosearches.com/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=hp&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328"

[HKLM\SOFTWARE\dosearchesSoftware\dosearcheshp]
"Time" = "Type: REG_QWORD, Length: 8"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL" = "http://search.dosearches.com/web/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=ds&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328&type=default&q={searchTerms}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ´ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.dosearches.com/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=hp&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾Ã‘Â ÃÂ¼Ã‘Æ’ÃÂ·Ã‘â€¹ÃÂºÃÂ°"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"
"Common Documents" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL" = "http://search.dosearches.com/web/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=ds&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328&type=default&q={searchTerms}"

[HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
"(Default)" = "%Program Files%\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=sc&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ´ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾ÃÂ¸ Ã‘â‚¬ÃÂ¸Ã‘ÂÃ‘Æ’ÃÂ½ÃÂºÃÂ¸"

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"NewTabPageShow" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL" = "http://www.dosearches.com/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=hp&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ²ÃÂ¸ÃÂ´ÃÂµÃÂ¾ÃÂ·ÃÂ°ÃÂ¿ÃÂ¸Ã‘ÂÃÂ¸"
"CommonPictures" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾ÃÂ¸ Ã‘â‚¬ÃÂ¸Ã‘ÂÃ‘Æ’ÃÂ½ÃÂºÃÂ¸"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C8 59 07 C8 C8 F7 B6 BF 3E A0 BB BD 1A F5 34 93"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.dosearches.com/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=hp&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page" = "http://search.dosearches.com/web/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=ds&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328&type=default&q={searchTerms}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch" = "http://search.dosearches.com/web/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=ds&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328&type=default&q={searchTerms}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\dosearchesSoftware\dosearcheshp]
"oem" = "amt"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant" = "http://search.dosearches.com/web/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=ds&from=amt&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001&ts=1384143328&type=default&q={searchTerms}"

The process Baofeng.exe:2268 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "07 C4 0E B1 33 D0 AA D1 4E 4F 6B 91 19 DD 2A 99"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\test\LOCALS~1\Temp\fullpackage_temp]
"eGdpSvc.exe" = "Wsys Control 10.2.1.2652"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ´ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process eGdpSvc.exe:2536 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EC 00 68 AA EF 11 F6 E9 62 9C D7 93 8E 9E D4 3C"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\WsysSvc]
"EventMessageFile" = "%Documents and Settings%\All Users\e-"

[HKLM\SOFTWARE\eSafeSecControl]
"sid" = "eGdp"
"pid" = "eSafe"
"channel" = "eGdp"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\WsysSvc]
"TypesSupported" = "7"

[HKLM\SOFTWARE\eSafeSecControl]
"ptid" = "amt"
"ver" = "10.2.1.2652"

The process eGdpSvc.exe:2596 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "97 4A B3 2C 09 A2 CF 31 26 87 64 F9 AA C9 89 8C"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\LocalService\Cookies"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65324"

[HKLM\SOFTWARE\eSafeSecControl]
"sid" = "eGdp"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\LocalService\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65324"
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65324"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65324"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\eSafeSecControl]
"ver" = "10.2.1.2652"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoConfigURL"
"ProxyServer"

The process eGdpSvc.exe:2424 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2F 79 2B F3 74 16 73 E8 30 12 71 24 83 53 51 5F"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl]
"UninstallString" = "%Documents and Settings%\All Users\Application Data\eSafe\eGdpSvc.exe -unsvc"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\All Users\Application Data\eSafe]
"eGdpSvc.exe" = "Wsys Control 10.2.1.2652"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl]
"publisher" = "Wsys Co., Ltd."
"DisplayName" = "Wsys Control 10.2.1.2652"
"DisplayIcon" = "%Documents and Settings%\All Users\Application Data\eSafe\eGdpSvc.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl]
"DisplayVersion" = "10.2.1.2652"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ´ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process fileseta.exe:604 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\ÃËœÃÂ·ÃÂ±Ã‘â‚¬ÃÂ°ÃÂ½ÃÂ½ÃÂ¾ÃÂµ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"Fonts" = "%WinDir%\Fonts"
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ´ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹\ÃÂÃÂ²Ã‘â€šÃÂ¾ÃÂ·ÃÂ°ÃÂ³Ã‘â‚¬Ã‘Æ’ÃÂ·ÃÂºÃÂ°"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾Ã‘Â ÃÂ¼Ã‘Æ’ÃÂ·Ã‘â€¹ÃÂºÃÂ°"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"
"Common Startup" = "%Documents and Settings%\All Users\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹\ÃÂÃÂ²Ã‘â€šÃÂ¾ÃÂ·ÃÂ°ÃÂ³Ã‘â‚¬Ã‘Æ’ÃÂ·ÃÂºÃÂ°"
"Common Documents" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ´ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾ÃÂ¸ Ã‘â‚¬ÃÂ¸Ã‘ÂÃ‘Æ’ÃÂ½ÃÂºÃÂ¸"
"SendTo" = "%Documents and Settings%\%current user%\SendTo"
"Start Menu" = "%Documents and Settings%\%current user%\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½"
"My Music" = "%Documents and Settings%\%current user%\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ´ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾Ã‘Â ÃÂ¼Ã‘Æ’ÃÂ·Ã‘â€¹ÃÂºÃÂ°"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ²ÃÂ¸ÃÂ´ÃÂµÃÂ¾ÃÂ·ÃÂ°ÃÂ¿ÃÂ¸Ã‘ÂÃÂ¸"
"CommonPictures" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾ÃÂ¸ Ã‘â‚¬ÃÂ¸Ã‘ÂÃ‘Æ’ÃÂ½ÃÂºÃÂ¸"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3E 3B F1 68 A5 DA F4 AF 0F C9 D9 D3 EC C1 69 D8"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"
"Programs" = "%Documents and Settings%\%current user%\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\ÃËœÃÂ·ÃÂ±Ã‘â‚¬ÃÂ°ÃÂ½ÃÂ½ÃÂ¾ÃÂµ"
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

The process DealPlyLive.exe:2276 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCR\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}]
"AppID" = "{80FABB17-63AF-4655-9F07-B6509EE37AF2}"

[HKCR\DealPlyLiveUpdate.Update3COMClassService]
"(Default)" = "Update3COMClass"

[HKCR\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}]
"(Default)" = "ServiceModule"

[HKCR\DealPlyLiveUpdate.CoreClass\CLSID]
"(Default)" = "{CA5D945F-E738-4D0B-A0B5-25AC51C64659}"

[HKCR\DealPlyLiveUpdate.CoreClass\CurVer]
"(Default)" = "DealPlyLiveUpdate.CoreClass.1"

[HKCR\DealPlyLiveUpdate.Update3COMClassService.1.0]
"(Default)" = "Update3COMClass"

[HKCR\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0\CLSID]
"(Default)" = "{80FABB17-63AF-4655-9F07-B6509EE37AF2}"

[HKCR\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}]
"LocalService" = "dealplylive"

[HKCR\DealPlyLiveUpdate.Update3WebSvc]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}\ProgID]
"(Default)" = "DealPlyLiveUpdate.Update3COMClassService.1.0"

[HKCR\DealPlyLiveUpdate.CoreClass.1\CLSID]
"(Default)" = "{CA5D945F-E738-4D0B-A0B5-25AC51C64659}"

[HKCR\DealPlyLiveUpdate.Update3COMClassService.1.0\CLSID]
"(Default)" = "{F48FC5B2-094A-44C7-B48C-289738C9582D}"

[HKCR\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}\ProgID]
"(Default)" = "DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0"

[HKCR\DealPlyLiveUpdate.Update3COMClassService\CurVer]
"(Default)" = "DealPlyLiveUpdate.Update3COMClassService.1.0"

[HKCR\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}\ProgID]
"(Default)" = "DealPlyLiveUpdate.CoreClass.1"

[HKCR\DealPlyLiveUpdate.Update3WebSvc\CurVer]
"(Default)" = "DealPlyLiveUpdate.Update3WebSvc.1.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCR\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}]
"(Default)" = "Update3COMClass"

[HKCR\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}]
"(Default)" = "DealPly Live Legacy On Demand"

[HKCR\DealPlyLiveUpdate.OnDemandCOMClassSvc\CurVer]
"(Default)" = "DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0"

[HKCR\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.CoreClass"

[HKCR\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}]
"AppID" = "{F48FC5B2-094A-44C7-B48C-289738C9582D}"

[HKCR\DealPlyLiveUpdate.OnDemandCOMClassSvc\CLSID]
"(Default)" = "{80FABB17-63AF-4655-9F07-B6509EE37AF2}"

[HKCR\DealPlyLiveUpdate.Update3COMClassService\CLSID]
"(Default)" = "{F48FC5B2-094A-44C7-B48C-289738C9582D}"

[HKCR\DealPlyLiveUpdate.CoreClass.1]
"(Default)" = "DealPly Live Core Class"

[HKCR\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}]
"(Default)" = "ServiceModule"
"ServiceParameters" = "/comsvc"

[HKCR\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}\ProgID]
"(Default)" = "DealPlyLiveUpdate.Update3WebSvc.1.0"

[HKCR\DealPlyLiveUpdate.Update3WebSvc\CLSID]
"(Default)" = "{F7698761-4ABA-45C2-A5BB-D2163922C725}"

[HKCR\AppID\DealPlyLive.exe]
"AppID" = "{F48FC5B2-094A-44C7-B48C-289738C9582D}"

[HKCR\DealPlyLiveUpdate.CoreClass]
"(Default)" = "DealPly Live Core Class"

[HKCR\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}]
"LocalService" = "dealplylivem"

[HKCR\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}]
"(Default)" = "DealPly Live Core Class"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "38 54 FC 9B 1E 0B D0 90 03 53 01 44 A9 E6 4F 3B"

[HKCR\DealPlyLiveUpdate.Update3WebSvc.1.0\CLSID]
"(Default)" = "{F7698761-4ABA-45C2-A5BB-D2163922C725}"

[HKCR\DealPlyLiveUpdate.Update3WebSvc.1.0]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\DealPlyLiveUpdate.OnDemandCOMClassSvc]
"(Default)" = "DealPly Live Legacy On Demand"

[HKCR\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.Update3COMClassService"

[HKCR\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.Update3WebSvc"

[HKCR\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}]
"AppID" = "{80FABB17-63AF-4655-9F07-B6509EE37AF2}"

[HKCR\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0]
"(Default)" = "DealPly Live Legacy On Demand"

[HKCR\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}]
"ServiceParameters" = "/comsvc"

[HKCR\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}]
"AppID" = "{80FABB17-63AF-4655-9F07-B6509EE37AF2}"

[HKCR\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.OnDemandCOMClassSvc"

The Trojan deletes the following registry key(s):

[HKCR\AppID\DealPlyLive.exe]

The process DealPlyLive.exe:3660 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\43DDB1FFF3B49B73831407F6BC8B975023D07C50]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 00 53 1D 1D"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\40E78C1D523D1CD9954FAC1A1AB3BD3CBAA15BFC]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 E6 0B D2 C9"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4B421F7515F6AE8A6ECEF97F6982A400A4D9224E]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 5A 11 B9 22"

[HKCR\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}]
"(Default)" = "DealPlyLive Update Plugin"

[HKCR\DealPlyLive.Update3WebControl.3]
"(Default)" = "DealPlyLive Update Plugin"

[HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3]
"Version" = "3"

[HKCR\DealPlyLive.Update3WebControl.3\CLSID]
"(Default)" = "{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 DD 75 3F 56"

[HKLM\SOFTWARE\DealPlyLive\Update\ClientState\{0d629f4e-4984-400f-addb-97a2cb6ae549}]
"client" = "{"h":"v24873227192535853216202013111104154816","p":"dpmnt","c":"dpmnt3470","v":"4873"}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4C95A9902ABE0777CED18D6ACCC3372D2748381E]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 4B 1C 56 8C"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4072BA31FEC351438480F62E6CB95508461EAB2F]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 70 B5 7C 48"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\23E594945195F2414803B4D564D2A3A3F5D88B8C]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 C5 70 C4 A2"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}]
"Policy" = "3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ´ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\209900B63D955728140CD13622D8C687A4EB0085]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 1E 74 C3 86"

[HKCR\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}\InprocServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}]
"Policy" = "3"

[HKCR\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}\ProgID]
"(Default)" = "DealPlyLive.Update3WebControl.3"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24BA6D6C8A5B5837A48DB5FAE919EA675C94D217]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 7B B5 08 99"

[HKCR\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}\InprocServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4BA7B9DDD68788E12FF852E1A024204BF286A8F6]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 18 AE 69 5D"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\394FF6850B06BE52E51856CC10E180E882B385CC]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 AA BF BF 64"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\00EA522C8A9C06AA3ECCE0B4FA6CDC21D92E8099]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 3E 80 17 5B"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0048F8D37B153F6EA2798C323EF4F318A5624A9E]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 15 B2 98 A3"

[HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9]
"Vendor" = "DealPly Technologies Ltd"

[HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3]
"Description" = "DealPlyLive Update"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4463C531D7CCC1006794612BB656D3BF8257846F]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 74 7B 82 03"

[HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3]
"Vendor" = "DealPly Technologies Ltd"
"Path" = "%Program Files%\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0483ED3399AC3608058722EDBC5E4600E3BEF9D7]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 4C 56 41 E5"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}]
"AppPath" = "%Program Files%\DealPlyLive\Update"

[HKLM\SOFTWARE\DealPlyLive\Update]
"version" = "1.3.23.0"
"path" = "%Program Files%\DealPlyLive\Update\DealPlyLive.exe"

[HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9]
"Version" = "9"

[HKLM\SOFTWARE\DealPlyLive\Update\ClientState\{0d629f4e-4984-400f-addb-97a2cb6ae549}]
"pv" = "1.3.23.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"

[HKLM\SOFTWARE\DealPlyLive\Update\Clients\{0d629f4e-4984-400f-addb-97a2cb6ae549}]
"name" = "DealPly Live"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868]
"Blob" = "19 00 00 00 01 00 00 00 10 00 00 00 45 ED 9B BC"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\216B2A29E62A00CE820146D8244141B92511B279]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 E1 4B 52 73"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\284F55C41A1A7A3F8328D4C262FB376ED6096F24]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 01 1A 3F 4D"

[HKCR\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}]
"(Default)" = "DealPlyLive Update Plugin"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}]
"AppName" = "DealPlyLive.exe"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\43F9B110D5BAFD48225231B0D0082B372FEF9A54]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 25 9D CF 5E"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2F173F7DE99667AFA57AF80AA2D1B12FAC830338]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 AB BF EA E3"

[HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9]
"Description" = "DealPlyLive Update"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFCED9C6BDD0C985CA3C7D253063C5BE6FC620C]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 85 2F F4 76"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\MIME\Database\Content Type\application/x-vnd.dpliveupdate.update3webcontrol.3]
"CLSID" = "{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\049811056AFE9FD0F5BE01685AACE6A5D1C4454C]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 F2 7D E9 54"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DealPlyLive.exe]
"DisableExceptionChainValidation" = "0"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}]
"AppName" = "DealPlyLiveBroker.exe"

[HKCR\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\DealPlyLive\Update]
"DealPlyLive.exe" = "DealPlyLive Update"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 A9 23 75 9B"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\36863563FD5128C7BEA6F005CFE9B43668086CCE]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 3A B2 DE 22"

[HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9]
"Path" = "%Program Files%\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "55 00 7C 2D FE 9A 14 D1 35 80 C9 DD 19 12 E8 9D"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\273EE12457FDC4F90C55E82B56167F62F532E547]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 DB 23 3D F9"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}]
"AppPath" = "%Program Files%\DealPlyLive\Update\1.3.23.0"

[HKLM\SOFTWARE\DealPlyLive\Update\Clients\{0d629f4e-4984-400f-addb-97a2cb6ae549}]
"pv" = "1.3.23.0"

[HKCR\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}\ProgID]
"(Default)" = "DealPlyLive.OneClickCtrl.9"

[HKCR\MIME\Database\Content Type\application/x-vnd.dpliveupdate.oneclickctrl.9]
"CLSID" = "{7F1796B2-BEC6-427B-B734-F9C75ED94A80}"

[HKLM\SOFTWARE\DealPlyLive\Update\ClientState\{0d629f4e-4984-400f-addb-97a2cb6ae549}]
"brand" = "GGLS"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\1331F48A5DA8E01DAACA1BB0C17044ACFEF755BB]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 50 E1 41 9D"

[HKCR\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3F85F2BB4A62B0B58BE1614ABB0D4631B4BEF8BA]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 2A 5D 00 37"

[HKCR\DealPlyLive.OneClickCtrl.9]
"(Default)" = "DealPlyLive Update Plugin"

[HKLM\SOFTWARE\DealPlyLive\Update\ClientState\{0d629f4e-4984-400f-addb-97a2cb6ae549}]
"InstallTime" = "1384143387"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0B77BEBBCB7AA24705DECC0FBD6A02FC7ABD9B52]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 26 6D 2C 19"

[HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3]
"ProductName" = "DealPlyLive Update"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\47AFB915CDA26D82467B97FA42914468726138DD]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 50 19 3E 2F"

[HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9]
"ProductName" = "DealPlyLive Update"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EF2E6670AC9B5091FE06BE0E5483EAAD6BA32D9]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 03 42 87 D7"

[HKCR\DealPlyLive.OneClickCtrl.9\CLSID]
"(Default)" = "{7F1796B2-BEC6-427B-B734-F9C75ED94A80}"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\1F55E8839BAC30728BE7108EDE7B0BB0D3298224]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 8C D7 9F EB"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\DealPlyLive\Update]
"LastChecked"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"43F9B110D5BAFD48225231B0D0082B372FEF9A54"

[HKLM\SOFTWARE\DealPlyLive\Update\network\secure]
"sk"

[HKLM\SOFTWARE\DealPlyLive\Update\ClientState\{0d629f4e-4984-400f-addb-97a2cb6ae549}]
"UpdateAvailableSince"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"4C95A9902ABE0777CED18D6ACCC3372D2748381E"
"0048F8D37B153F6EA2798C323EF4F318A5624A9E"
"3F85F2BB4A62B0B58BE1614ABB0D4631B4BEF8BA"
"273EE12457FDC4F90C55E82B56167F62F532E547"
"209900B63D955728140CD13622D8C687A4EB0085"
"4BA7B9DDD68788E12FF852E1A024204BF286A8F6"
"0B77BEBBCB7AA24705DECC0FBD6A02FC7ABD9B52"
"1F55E8839BAC30728BE7108EDE7B0BB0D3298224"
"049811056AFE9FD0F5BE01685AACE6A5D1C4454C"
"4463C531D7CCC1006794612BB656D3BF8257846F"
"40E78C1D523D1CD9954FAC1A1AB3BD3CBAA15BFC"

[HKLM\SOFTWARE\DealPlyLive\Update]
"ui"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"4B421F7515F6AE8A6ECEF97F6982A400A4D9224E"

[HKLM\SOFTWARE\DealPlyLive\Update]
"uid"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"4EFCED9C6BDD0C985CA3C7D253063C5BE6FC620C"

[HKLM\SOFTWARE\DealPlyLive\Update]
"eulaaccepted"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"36863563FD5128C7BEA6F005CFE9B43668086CCE"

[HKLM\SOFTWARE\DealPlyLive\Update\ClientState\{0d629f4e-4984-400f-addb-97a2cb6ae549}]
"UpdateAvailableCount"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"24A40A1F573643A67F0A4B0749F6A22BF28ABB6B"
"216B2A29E62A00CE820146D8244141B92511B279"
"00EA522C8A9C06AA3ECCE0B4FA6CDC21D92E8099"
"23E594945195F2414803B4D564D2A3A3F5D88B8C"
"47AFB915CDA26D82467B97FA42914468726138DD"
"02FAF3E291435468607857694DF5E45B68851868"
"317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6"
"24BA6D6C8A5B5837A48DB5FAE919EA675C94D217"
"2F173F7DE99667AFA57AF80AA2D1B12FAC830338"
"43DDB1FFF3B49B73831407F6BC8B975023D07C50"
"284F55C41A1A7A3F8328D4C262FB376ED6096F24"
"1331F48A5DA8E01DAACA1BB0C17044ACFEF755BB"
"4072BA31FEC351438480F62E6CB95508461EAB2F"
"394FF6850B06BE52E51856CC10E180E882B385CC"
"4EF2E6670AC9B5091FE06BE0E5483EAAD6BA32D9"

[HKLM\SOFTWARE\DealPlyLive\Update]
"mi"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"0483ED3399AC3608058722EDBC5E4600E3BEF9D7"

[HKLM\SOFTWARE\DealPlyLive\Update\network\secure]
"c"

The process DealPlyLive.exe:2228 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "93 07 E5 28 41 3C C3 AC 82 5E 29 1D 57 C7 68 A5"

[HKCU\Software\DealPlyLive\Update\proxy]
"source" = "IE"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\DealPlyLive\Update\network\secure]
"sk"
"c"

The process DealPlyLive.exe:3104 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9A 15 D8 C0 A9 1A BD 5D FC FD E8 F0 13 82 26 36"

[HKCU\Software\DealPlyLive\Update\proxy]
"source" = "IE"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\DealPlyLive\Update\network\secure]
"sk"
"c"

The process DealPlyLive.exe:3124 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "49 BD 7D DD B7 B5 B9 B6 CB CD 1D F2 C7 D7 8E 1A"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\DealPlyLive\Update]
"eulaaccepted"

[HKLM\SOFTWARE\DealPlyLive\Update\network\secure]
"sk"
"c"

The process DealPlyLive.exe:3004 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCR\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}\ProgID]
"(Default)" = "DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0"

[HKCR\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}\InprocHandler32]
"ThreadingModel" = "Both"

[HKCR\DealPlyLiveUpdate.ProcessLauncher\CurVer]
"(Default)" = "DealPlyLiveUpdate.ProcessLauncher.1.0"

[HKCR\Interface\{753C5ED0-B9AB-4F1E-8DAC-668E701CA569}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"

[HKCR\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}\ProgID]
"(Default)" = "DealPlyLiveUpdate.CoCreateAsync.1.0"

[HKCR\Interface\{0E8990F4-2FC9-403C-883B-535D6271E740}]
"(Default)" = "IJobObserver"

[HKCR\Interface\{9B4E4BF6-9346-4969-8428-C3CB81CD7A30}\NumMethods]
"(Default)" = "39"

[HKCR\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{E515494B-7548-462A-B7E7-A3E6F8C4899C}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{B1285825-F24F-4651-9F8A-2012460AD2FC}]
"(Default)" = "IPackage"

[HKCR\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}]
"(Default)" = "DealPly Live Core Class"

[HKCR\Interface\{066D89E6-B457-4A57-888A-B0AEB11D5BF1}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"

[HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback]
"(Default)" = "DealPly Live Legacy On Demand"

[HKCR\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}]
"LocalizedString" = "@%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll,-3000"

[HKCR\Interface\{E9ECFFF9-2011-439F-92EB-BE145ACD87DA}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"

[HKCR\Interface\{C0233F6C-3110-4AEA-A798-C81DA43CED9E}]
"(Default)" = "ICoCreateAsync"

[HKCR\Interface\{9BAC5A3B-33FD-4DB9-A4F1-B749498D4017}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"

[HKCR\Interface\{9B4E4BF6-9346-4969-8428-C3CB81CD7A30}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"

[HKCR\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}\VersionIndependentProgID]
"(Default)" = "DealPlyLive.OneClickProcessLauncherMachine"

[HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachine\CLSID]
"(Default)" = "{83ABA270-8390-4CA6-AE48-FC089F55629E}"

[HKCR\DealPlyLiveUpdate.Update3WebMachine.1.0]
"(Default)" = "DealPly Live Broker Class Factory"

[HKCR\Interface\{469960F8-8172-4386-BBB1-DF3590027D58}\NumMethods]
"(Default)" = "24"

[HKCR\Interface\{80995911-5CF2-483F-A260-C736E8D0C691}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"

[HKCR\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}\Elevation]
"Enabled" = "1"

[HKCR\Interface\{C0233F6C-3110-4AEA-A798-C81DA43CED9E}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"

[HKCR\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}\InProcServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\psmachine.dll"

[HKCR\Interface\{B3D38AE9-C808-4811-8417-F114839D6392}]
"(Default)" = "ICoCreateAsyncStatus"

[HKCR\Interface\{821ED2B3-866E-4177-870E-52D995D123D0}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"

[HKCR\DealPlyLiveUpdate.ProcessLauncher]
"(Default)" = "DealPly Live Process Launcher Class"

[HKCR\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}]
"(Default)" = "CoCreateAsync"

[HKCR\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.Update3WebMachine"

[HKCR\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.CoreMachineClass"

[HKCR\Interface\{B3D38AE9-C808-4811-8417-F114839D6392}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"

[HKCR\Interface\{B8E64931-27EF-42BC-AF3B-0E2B25D17567}]
"(Default)" = "IRegistrationUpdateHook"

[HKCR\Interface\{0E8990F4-2FC9-403C-883B-535D6271E740}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"

[HKCR\Interface\{DF51AD29-5239-441A-B921-E655C8162060}\NumMethods]
"(Default)" = "10"

[HKCR\Interface\{FBB92627-0DAA-4B69-97CC-9879236FE039}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{E515494B-7548-462A-B7E7-A3E6F8C4899C}]
"(Default)" = "IProcessLauncher"

[HKCR\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}\InprocServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\psmachine.dll"

[HKCR\Interface\{1644E2E1-E15E-4E9E-9B25-5668536DD6A7}\NumMethods]
"(Default)" = "10"

[HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0]
"(Default)" = "DealPly Live Broker Class Factory"

[HKCR\Interface\{2BA83048-8B7C-4186-843B-D97FC1A6AE95}]
"(Default)" = "IAppWeb"

[HKCR\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}\ProgID]
"(Default)" = "DealPlyLiveUpdate.CoreMachineClass.1"

[HKCR\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}\ProgID]
"(Default)" = "DealPlyLiveUpdate.Update3WebMachine.1.0"

[HKCR\Interface\{A6670033-7A4B-4F59-B8A9-A7CEBF3CE960}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"

[HKCR\DealPlyLive.OneClickProcessLauncherMachine]
"(Default)" = "DealPlyLive.OneClickProcessLauncher"

[HKCR\Interface\{CC5B7648-AAF8-4642-B53D-B7B5E4AE7241}\NumMethods]
"(Default)" = "24"

[HKCR\Interface\{1644E2E1-E15E-4E9E-9B25-5668536DD6A7}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"

[HKCR\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}\Elevation]
"Enabled" = "1"

[HKCR\DealPlyLiveUpdate.Update3WebMachine\CurVer]
"(Default)" = "DealPlyLiveUpdate.Update3WebMachine.1.0"

[HKCR\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}]
"LocalizedString" = "@%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll,-3000"

[HKCR\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}\Elevation]
"Enabled" = "1"

[HKCR\DealPlyLive.OneClickProcessLauncherMachine\CLSID]
"(Default)" = "{C536F080-57B7-46D6-8894-C647553F2889}"

[HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID]
"(Default)" = "{1E0C9B2A-6447-452C-B012-2314A0C29412}"

[HKCR\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}]
"(Default)" = "DealPly Live Process Launcher Class"

[HKCR\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}\LocalServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe"

[HKCR\Interface\{E9ECFFF9-2011-439F-92EB-BE145ACD87DA}\NumMethods]
"(Default)" = "9"

[HKCR\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}\Elevation]
"Enabled" = "1"

[HKCR\Interface\{D325B617-D6F9-4C72-90B2-A38E6D15C16E}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"

[HKCR\DealPlyLiveUpdate.CredentialDialogMachine]
"(Default)" = "GoogleUpdate CredentialDialog"

[HKCR\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.OnDemandCOMClassMachine"

[HKCR\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}\Elevation]
"IconReference" = "@%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll,-1004"

[HKCR\Interface\{1644E2E1-E15E-4E9E-9B25-5668536DD6A7}]
"(Default)" = "IGoogleUpdate3"

[HKCR\Interface\{A6670033-7A4B-4F59-B8A9-A7CEBF3CE960}]
"(Default)" = "IAppVersion"

[HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachine\CurVer]
"(Default)" = "DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0"

[HKCR\Interface\{BE952BDF-6FDF-4A62-B318-E15D4487A2EF}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"

[HKCR\Interface\{FBB92627-0DAA-4B69-97CC-9879236FE039}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"

[HKCR\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}\ProgID]
"(Default)" = "DealPlyLiveUpdate.ProcessLauncher.1.0"

[HKCR\DealPlyLiveUpdate.CoreMachineClass.1\CLSID]
"(Default)" = "{501CB57A-D4E2-4855-96AD-EDB0A9083395}"

[HKCR\Interface\{E9ECFFF9-2011-439F-92EB-BE145ACD87DA}]
"(Default)" = "IProgressWndEvents"

[HKCR\Interface\{E515494B-7548-462A-B7E7-A3E6F8C4899C}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"

[HKCR\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}\LocalServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe"

[HKCR\Interface\{B1285825-F24F-4651-9F8A-2012460AD2FC}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"

[HKCR\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}\Elevation]
"IconReference" = "@%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll,-1004"

[HKCR\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}]
"(Default)" = "DealPly Live Broker Class Factory"

[HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachine]
"(Default)" = "DealPly Live Broker Class Factory"

[HKCR\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}]
"(Default)" = "DealPly Live Broker Class Factory"

[HKCR\Interface\{2BA83048-8B7C-4186-843B-D97FC1A6AE95}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"

[HKCR\Interface\{FBB92627-0DAA-4B69-97CC-9879236FE039}]
"(Default)" = "IBrowserHttpRequest2"

[HKCR\Interface\{753C5ED0-B9AB-4F1E-8DAC-668E701CA569}]
"(Default)" = "IOneClickProcessLauncher"

[HKCR\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.CredentialDialogMachine"

[HKCR\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}\Elevation]
"Enabled" = "1"

[HKCR\DealPlyLiveUpdate.Update3WebMachineFallback\CLSID]
"(Default)" = "{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}"

[HKCR\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}]
"LocalizedString" = "@%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll,-3000"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "20 19 81 1E 9D 50 D4 DE 08 DD 9E 0E 05 C8 46 19"

[HKCR\DealPlyLiveUpdate.CredentialDialogMachine.1.0\CLSID]
"(Default)" = "{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}"

[HKCR\Interface\{CC5B7648-AAF8-4642-B53D-B7B5E4AE7241}]
"(Default)" = "IAppBundleWeb"

[HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback\CurVer]
"(Default)" = "DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0"

[HKCR\Interface\{9BAC5A3B-33FD-4DB9-A4F1-B749498D4017}\NumMethods]
"(Default)" = "5"

[HKCR\DealPlyLiveUpdate.Update3WebMachineFallback.1.0]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\DealPlyLive.OneClickProcessLauncherMachine.1.0\CLSID]
"(Default)" = "{C536F080-57B7-46D6-8894-C647553F2889}"

[HKCR\Interface\{A6670033-7A4B-4F59-B8A9-A7CEBF3CE960}\NumMethods]
"(Default)" = "10"

[HKCR\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}]
"LocalizedString" = "@%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll,-3000"

[HKCR\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}]
"(Default)" = "DealPly Live Legacy On Demand"

[HKCR\DealPlyLiveUpdate.CredentialDialogMachine\CLSID]
"(Default)" = "{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}"

[HKCR\DealPlyLiveUpdate.Update3WebMachineFallback.1.0\CLSID]
"(Default)" = "{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}"

[HKCR\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}\LocalServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe"

[HKCR\DealPlyLiveUpdate.ProcessLauncher\CLSID]
"(Default)" = "{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}"

[HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0]
"(Default)" = "DealPly Live Legacy On Demand"

[HKCR\DealPlyLiveUpdate.Update3WebMachine.1.0\CLSID]
"(Default)" = "{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}"

[HKCR\DealPlyLiveUpdate.Update3WebMachine]
"(Default)" = "DealPly Live Broker Class Factory"

[HKCR\DealPlyLiveUpdate.CredentialDialogMachine.1.0]
"(Default)" = "GoogleUpdate CredentialDialog"

[HKCR\Interface\{753C5ED0-B9AB-4F1E-8DAC-668E701CA569}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{DF51AD29-5239-441A-B921-E655C8162060}]
"(Default)" = "IAppVersionWeb"

[HKCR\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}\LocalServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe"

[HKCR\Interface\{80995911-5CF2-483F-A260-C736E8D0C691}]
"(Default)" = "IApp"

[HKCR\Interface\{0E8990F4-2FC9-403C-883B-535D6271E740}\NumMethods]
"(Default)" = "13"

[HKCR\DealPlyLiveUpdate.CredentialDialogMachine\CurVer]
"(Default)" = "DealPlyLiveUpdate.CredentialDialogMachine.1.0"

[HKCR\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}\Elevation]
"IconReference" = "@%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll,-1004"

[HKCR\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}]
"(Default)" = "DealPlyLive.OneClickProcessLauncher"

[HKCR\Interface\{469960F8-8172-4386-BBB1-DF3590027D58}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"

[HKCR\DealPlyLiveUpdate.ProcessLauncher.1.0\CLSID]
"(Default)" = "{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}"

[HKCR\Interface\{BE952BDF-6FDF-4A62-B318-E15D4487A2EF}]
"(Default)" = "IGoogleUpdateCore"

[HKCR\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}\InprocHandler32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\psmachine.dll"

[HKCR\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.Update3WebMachineFallback"

[HKCR\Interface\{B8E64931-27EF-42BC-AF3B-0E2B25D17567}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"

[HKCR\Interface\{B1285825-F24F-4651-9F8A-2012460AD2FC}\NumMethods]
"(Default)" = "10"

[HKCR\Interface\{80995911-5CF2-483F-A260-C736E8D0C691}\NumMethods]
"(Default)" = "40"

[HKCR\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}\LocalServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe"

[HKCR\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}\Elevation]
"IconReference" = "@%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll,-1004"

[HKCR\Interface\{B3D38AE9-C808-4811-8417-F114839D6392}\NumMethods]
"(Default)" = "10"

[HKCR\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.ProcessLauncher"

[HKCR\DealPlyLiveUpdate.ProcessLauncher.1.0]
"(Default)" = "DealPly Live Process Launcher Class"

[HKCR\DealPlyLiveUpdate.Update3WebMachineFallback]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}\LocalServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe"

[HKCR\Interface\{D325B617-D6F9-4C72-90B2-A38E6D15C16E}\NumMethods]
"(Default)" = "8"

[HKCR\DealPlyLiveUpdate.CoCreateAsync.1.0]
"(Default)" = "CoCreateAsync"

[HKCR\DealPlyLiveUpdate.CoCreateAsync\CLSID]
"(Default)" = "{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}"

[HKCR\DealPlyLiveUpdate.CoCreateAsync.1.0\CLSID]
"(Default)" = "{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}"

[HKCR\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}]
"LocalizedString" = "@%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll,-3000"

[HKCR\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}]
"(Default)" = "PSFactoryBuffer"

[HKCR\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}\ProgID]
"(Default)" = "DealPlyLiveUpdate.Update3WebMachineFallback.1.0"

[HKCR\Interface\{C0233F6C-3110-4AEA-A798-C81DA43CED9E}\NumMethods]
"(Default)" = "4"

[HKCR\DealPlyLiveUpdate.CoreMachineClass\CurVer]
"(Default)" = "DealPlyLiveUpdate.CoreMachineClass.1"

[HKCR\DealPlyLiveUpdate.CoreMachineClass]
"(Default)" = "DealPly Live Core Class"

[HKCR\DealPlyLiveUpdate.CoreMachineClass.1]
"(Default)" = "DealPly Live Core Class"

[HKCR\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}\Elevation]
"IconReference" = "@%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll,-1004"

[HKCR\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\DealPlyLiveUpdate.CoCreateAsync]
"(Default)" = "CoCreateAsync"

[HKCR\Interface\{B8E64931-27EF-42BC-AF3B-0E2B25D17567}\NumMethods]
"(Default)" = "8"

[HKCR\DealPlyLiveUpdate.Update3WebMachine\CLSID]
"(Default)" = "{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}"

[HKCR\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}]
"(Default)" = "GoogleUpdate CredentialDialog"

[HKCR\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.OnDemandCOMClassMachineFallback"

[HKCR\DealPlyLive.OneClickProcessLauncherMachine\CurVer]
"(Default)" = "DealPlyLive.OneClickProcessLauncherMachine.1.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCR\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}\ProgID]
"(Default)" = "DealPlyLive.OneClickProcessLauncherMachine.1.0"

[HKCR\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}\ProgID]
"(Default)" = "DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0"

[HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0\CLSID]
"(Default)" = "{83ABA270-8390-4CA6-AE48-FC089F55629E}"

[HKCR\Interface\{066D89E6-B457-4A57-888A-B0AEB11D5BF1}\NumMethods]
"(Default)" = "4"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}]
"CLSID" = "{C536F080-57B7-46D6-8894-C647553F2889}"

[HKCR\Interface\{821ED2B3-866E-4177-870E-52D995D123D0}]
"(Default)" = "IGoogleUpdate3WebSecurity"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}]
"Policy" = "3"

[HKCR\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}\VersionIndependentProgID]
"(Default)" = "DealPlyLiveUpdate.CoCreateAsync"

[HKCR\Interface\{DF51AD29-5239-441A-B921-E655C8162060}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"

[HKCR\Interface\{469960F8-8172-4386-BBB1-DF3590027D58}]
"(Default)" = "ICurrentState"

[HKCR\Interface\{CC5B7648-AAF8-4642-B53D-B7B5E4AE7241}\ProxyStubClsid32]
"(Default)" = "{0D89DE71-3D99-4288-84DC-F18F1047A7D8}"

[HKCR\DealPlyLiveUpdate.CoreMachineClass\CLSID]
"(Default)" = "{501CB57A-D4E2-4855-96AD-EDB0A9083395}"

[HKCR\Interface\{D325B617-D6F9-4C72-90B2-A38E6D15C16E}]
"(Default)" = "IGoogleUpdate3Web"

[HKCR\Interface\{BE952BDF-6FDF-4A62-B318-E15D4487A2EF}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{9BAC5A3B-33FD-4DB9-A4F1-B749498D4017}]
"(Default)" = "IGoogleUpdate"

[HKCR\DealPlyLiveUpdate.Update3WebMachineFallback\CurVer]
"(Default)" = "DealPlyLiveUpdate.Update3WebMachineFallback.1.0"

[HKCR\DealPlyLiveUpdate.CoCreateAsync\CurVer]
"(Default)" = "DealPlyLiveUpdate.CoCreateAsync.1.0"

[HKCR\Interface\{821ED2B3-866E-4177-870E-52D995D123D0}\NumMethods]
"(Default)" = "4"

[HKCR\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}\ProgID]
"(Default)" = "DealPlyLiveUpdate.CredentialDialogMachine.1.0"

[HKCR\Interface\{9B4E4BF6-9346-4969-8428-C3CB81CD7A30}]
"(Default)" = "IAppBundle"

[HKCR\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}\LocalServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe"

[HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback\CLSID]
"(Default)" = "{1E0C9B2A-6447-452C-B012-2314A0C29412}"

[HKCR\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}\LocalServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe"

[HKCR\Interface\{066D89E6-B457-4A57-888A-B0AEB11D5BF1}]
"(Default)" = "ICredentialDialog"

[HKCR\DealPlyLive.OneClickProcessLauncherMachine.1.0]
"(Default)" = "DealPlyLive.OneClickProcessLauncher"

[HKCR\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}\LocalServer32]
"(Default)" = "%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe"

[HKCR\Interface\{2BA83048-8B7C-4186-843B-D97FC1A6AE95}\NumMethods]
"(Default)" = "14"

The Trojan deletes the following registry key(s):

[HKCR\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}]
[HKCR\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}]
[HKCR\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}\InprocServer32]
[HKCR\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}\InprocHandler32]

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\DealPlyLive\Update\network\secure]
"sk"
"c"

The process DealPlyLive.exe:3524 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DC 3B F9 1C 84 7A E2 4F 05 EA E7 51 D5 F8 00 EA"

The process DealPlyLive.exe:3312 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CF 70 67 F6 84 E7 8C 4D 04 A1 82 69 35 E0 45 0B"

[HKCU\Software\DealPlyLive\Update\proxy]
"source" = "IE"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ´ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\DealPlyLive\Update]
"uid"

[HKLM\SOFTWARE\DealPlyLive\Update\network\secure]
"sk"
"c"

The process schtasks.exe:3400 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "46 43 A0 4D B0 DD 3C 18 48 0D D7 49 67 07 87 1D"

The process schtasks.exe:3372 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "22 1C 5C 07 0B 7C 12 C9 BA 91 22 D0 00 1A 45 52"

The process desktopy.exe:572 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E9 11 E6 46 AD E3 9F EF A4 C7 20 B3 94 7C 76 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1362895428"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65324"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65324"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65324"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65324"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "desktopy.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"

The process iexplore.exe:1412 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_27"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_27"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore]
"Type" = "3"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_27"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_27"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore]
"Type" = "3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65324"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 31 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore]
"Count" = "13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_16"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013111120131112]
"CachePrefix" = ":2013111120131112:"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\ÃÂ¡Ã‘ÂÃ‘â€¹ÃÂ»ÃÂºÃÂ¸]
"Order" = "08 00 00 00 02 00 00 00 C2 01 00 00 01 00 00 00"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_14"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU]
"NodeSlots" = "02 02 02 02 02 02 02 02 02 02 02 02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
"(Default)" = "Java Plug-in 1.3.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_18"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore]
"Time" = "DD 07 0B 00 01 00 0B 00 04 00 0F 00 08 00 53 02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_17"

[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\JavaPlugin.160_18\CLSID]
"(Default)" = "{5852F5ED-8BF4-11D4-A245-0080C6F74284}"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_26"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65324"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_02"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Type" = "4"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65324"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore]
"Count" = "13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_26"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore]
"Count" = "13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65324"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013111120131112]
"CacheLimit" = "8192"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_26"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_02"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Window_Placement" = "2C 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Type" = "4"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU]
"MRUListEx" = "01 00 00 00 00 00 00 00 02 00 00 00 03 00 00 00"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_26"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Count" = "17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_09"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Time" = "DD 07 0B 00 01 00 0B 00 04 00 0F 00 09 00 62 02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_26"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_26"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
"(Default)" = "Java Plug-in 1.6.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_27"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore]
"Time" = "DD 07 0B 00 01 00 0B 00 04 00 0F 00 09 00 33 02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore]
"Type" = "3"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_26"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_18"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013111120131112]
"CacheRepair" = "0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.0_03"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
"Count" = "15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_21"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_06"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.0_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013111120131112]
"CacheOptions" = "11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Internet Explorer\Toolbar]
"Locked" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_10"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_10"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore]
"Time" = "DD 07 0B 00 01 00 0B 00 04 00 0F 00 08 00 82 02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_18"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_23"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_16"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.6.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_29"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.0_04"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
"Time" = "DD 07 0B 00 01 00 0B 00 04 00 0F 00 09 00 62 02"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CC 31 65 B0 57 DF 8F 19 EB 65 46 1A 20 F9 CA EB"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\ÃËœÃÂ·ÃÂ±Ã‘â‚¬ÃÂ°ÃÂ½ÃÂ½ÃÂ¾ÃÂµ"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013111120131112]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012013111120131112\"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_20"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_05"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.6.0_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_09"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_13"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_17"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_11"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_07"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_19"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_27"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_25"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_30"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.1_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_22"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.6.0_01"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_27"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_03"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.5.0_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.3.1_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.1_02"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_24"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}]
"(Default)" = "Java Plug-in 1.5.0_14"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.3.1_08"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_28"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}]
"(Default)" = "Java Plug-in 1.4.2_12"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32]
"(Default)" = "%Program Files%\Java\jre6\bin\jp2iexp.dll"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_15"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.5.0_06"

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}]
"(Default)" = "Java Plug-in 1.4.2_09"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan deletes the following registry key(s):

[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\JavaPlugin.160_18\CLSID]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\JavaPlugin.160_18]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013093020131001]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}]
[HKCU\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process desktopy_1.exe:1068 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\desktopy.ru]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\desktopy.ru"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65324"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 30 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\desktopy]
"(Default)" = "URL:desktopy Protocol"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½"

"Common Documents" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"

[HKCU\Software\desktopy.ru]
"first run" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ´ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾Ã‘Â ÃÂ¼Ã‘Æ’ÃÂ·Ã‘â€¹ÃÂºÃÂ°"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\desktopy\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\desktopy.ru\desktopy.exe -a %1"

[HKCR\desktopy]
"URL Protocol" = ""

[HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FE622EA7B33CA46519AB39736A66B8F6E41FF157]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 53 66 EA 0C"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ´ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾ÃÂ¸ Ã‘â‚¬ÃÂ¸Ã‘ÂÃ‘Æ’ÃÂ½ÃÂºÃÂ¸"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65324"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\desktopy.ru]
"DisplayName" = "desktopy.ru"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65324"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ²ÃÂ¸ÃÂ´ÃÂµÃÂ¾ÃÂ·ÃÂ°ÃÂ¿ÃÂ¸Ã‘ÂÃÂ¸"
"CommonPictures" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾ÃÂ¸ Ã‘â‚¬ÃÂ¸Ã‘ÂÃ‘Æ’ÃÂ½ÃÂºÃÂ¸"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "34 3E F3 F6 03 1B A4 71 FF EC 1A BB 6B 58 F9 E3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65324"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\desktopy.ru]
"UninstallString" = "%Documents and Settings%\%current user%\Application Data\desktopy.ru\uninstall.exe"

[HKCU\Software\desktopy.ru]
"key" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Application Data\desktopy.ru]
"desktopy.exe" = "Desktopy.ru wallpaper saver"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"desktopy" = "%Documents and Settings%\%current user%\Application Data\desktopy.ru\desktopy.exe is_autoruned"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates]
"FE622EA7B33CA46519AB39736A66B8F6E41FF157"

The process uninst.exe:2548 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\DealPly]
"OriginalCommand" = "/S /OPTIMIZE /PARTNER=dpmnt /CHANNEL=3470 /i"
"VersionFull" = "4.8.7.3"
"FirefoxXpiPath" = "%Program Files%\DealPly\DealPly.xpi"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
"EstimatedSize" = "1312"

[HKCU\Software\DealPly]
"Partner" = "dpmnt"
"InstallDir" = "%Program Files%\DealPly"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
"NoRepair" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\DealPlyLive\Update\Clients\{7fd0cf91-965a-4732-bb60-f2dad1824a0f}]
"pv" = "1.0.0.1"

[HKLM\SOFTWARE\DealPly]
"VersionInt" = "4873"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½"

[HKCU\Software\DealPly]
"InstallDateHuman" = "11/11/2013 04:15:48"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
"DisplayIcon" = "%Program Files%\DealPly\uninst.exe,0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ´ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
"Publisher" = "DealPly Technologies Ltd."

[HKCU\Software\DealPly]
"ChromeCrxPath" = "%Program Files%\DealPly\DealPly.crx"

[HKLM\SOFTWARE\DealPly]
"InstallId" = "v24873227192535853216202013111104154816"
"InstallStatus" = "OK"
"VersionFull" = "4.8.7.3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Internet Explorer\Approved Extensions]
"{9cf699ca-2174-4ed8-bec1-ba82095edce0}" = "51 66 7A 6C 4C 1D 3B 1B DA 81 E4 83 44 76 B0 02"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\DealPly]
"InstallId" = "v24873227192535853216202013111104154816"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾Ã‘Â ÃÂ¼Ã‘Æ’ÃÂ·Ã‘â€¹ÃÂºÃÂ°"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"

[HKLM\SOFTWARE\DealPly]
"OriginalOptimize" = "1"
"OriginalCommand" = "/S /OPTIMIZE /PARTNER=dpmnt /CHANNEL=3470 /i"
"Partner" = "dpmnt"

[HKCU\Software\DealPly]
"OriginalOptimize" = "1"

[HKLM\SOFTWARE\DealPly]
"FirefoxXpiPath" = "%Program Files%\DealPly\DealPly.xpi"
"InstallDateHuman" = "11/11/2013 04:15:48"

[HKCU\Software\DealPly]
"InstallDateMachine" = "20131111041548"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ´ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾ÃÂ¸ Ã‘â‚¬ÃÂ¸Ã‘ÂÃ‘Æ’ÃÂ½ÃÂºÃÂ¸"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
"URLInfoAbout" = "http://support.dealply.com/"

[HKLM\SOFTWARE\DealPly]
"Channel" = "dpmnt3470"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
"NoModify" = "1"

[HKLM\SOFTWARE\DealPly]
"ChromeCrxPath" = "%Program Files%\DealPly\DealPly.crx"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
"DisplayVersion" = "4.8.7.3"

[HKCU\Software\DealPly]
"InstallStatus" = "OK"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ²ÃÂ¸ÃÂ´ÃÂµÃÂ¾ÃÂ·ÃÂ°ÃÂ¿ÃÂ¸Ã‘ÂÃÂ¸"
"CommonPictures" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾ÃÂ¸ Ã‘â‚¬ÃÂ¸Ã‘ÂÃ‘Æ’ÃÂ½ÃÂºÃÂ¸"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8B 89 FC F2 C4 70 F5 4E 33 B3 43 4C 01 A0 99 E2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"

[HKLM\SOFTWARE\DealPly]
"SampleGroup" = "6"
"InstallDateMachine" = "20131111041548"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
"UninstallString" = "%Program Files%\DealPly\uninst.exe /uninstall"

[HKCU\Software\DealPly]
"Channel" = "dpmnt3470"

[HKLM\SOFTWARE\DealPly]
"IeDllPath" = "%Program Files%\DealPly\DealPlyIE.dll"
"InstallDir" = "%Program Files%\DealPly"

[HKCU\Software\DealPly]
"VersionInt" = "4873"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
"HelpLink" = "http://www.dealply.com/"

[HKCU\Software\DealPly]
"SampleGroup" = "6"
"IeDllPath" = "%Program Files%\DealPly\DealPlyIE.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
"DisplayName" = "DealPly (remove only)"

The process regsvr32.exe:2604 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "02 D2 04 99 4C 16 56 2A 9B BA 78 F9 11 F1 A8 43"

[HKCR\CLSID\{9cf699ca-2174-4ed8-bec1-ba82095edce0}\InProcServer32]
"(Default)" = "%Program Files%\DealPly\DealPlyIE.dll"
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{9cf699ca-2174-4ed8-bec1-ba82095edce0}]
"(Default)" = "DealPly Shopping"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9cf699ca-2174-4ed8-bec1-ba82095edce0}]
"NoExplorer" = "1"

The process regsvr32.exe:2700 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EE 78 5C F1 B1 F7 1F 04 8C 43 1E 61 79 58 28 05"

The process msiexec.exe:2480 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"Version" = "16973847"

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"AuthorizedLUAApp" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"WindowsInstaller" = "1"

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"InstanceType" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"EstimatedSize" = "40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9507B717889AF294FAB1CD7FB08E90BA]
"93BAD29AC2E44034A96BCB446EB8552E" = "02:\SOFTWARE\Google\Update\MsiStubRun"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Language" = "1033"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Fonts" = "%WinDir%\Fonts"

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList\Media]
"1" = ";"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"Publisher" = "DealPly Technologies Ltd"
"InstallSource" = "%Program Files%\DealPlyLive\Update\1.3.23.0\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Size" = ""
"InstallLocation" = ""
"WindowsInstaller" = "1"
"InstallDate" = "20131111"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"SystemComponent" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\Features]
"Complete" = "0a5PL!)GT?sf9ax}}Y{_"

[HKCR\Installer\UpgradeCodes\DBFF5159BA0409649B38F48A1EE47E5F]
"93BAD29AC2E44034A96BCB446EB8552E" = ""

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList]
"PackageName" = "DealPlyLiveHelper.msi"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"UninstallString" = "MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"HelpLink" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"DisplayName" = "Google Update Helper"
"InstallDate" = "20131111"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"AuthorizedCDFPrefix" = ""
"URLInfoAbout" = ""

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"Language" = "1033"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress]
"(Default)" = "%WinDir%\Installer\6cfc28.ipi"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\Patches]
"AllPatches" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"Size" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\ÃÂ¨ÃÂ°ÃÂ±ÃÂ»ÃÂ¾ÃÂ½Ã‘â€¹"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"ModifyPath" = "MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"
"HelpTelephone" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Readme" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"AuthorizedCDFPrefix" = ""

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"AdvertiseFlags" = "388"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"VersionMinor" = "3"
"Comments" = ""

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"ProductName" = "Google Update Helper"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"EstimatedSize" = "40"
"InstallSource" = "%Program Files%\DealPlyLive\Update\1.3.23.0\"
"DisplayName" = "Google Update Helper"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"DisplayVersion" = "1.3.23.0"

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"PackageCode" = "4CD9CAE01899C854FB28EAE19B4E15A0"

[HKLM\SOFTWARE\Google\Update]
"MsiStubRun" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\DBFF5159BA0409649B38F48A1EE47E5F]
"93BAD29AC2E44034A96BCB446EB8552E" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"Readme" = ""
"LocalPackage" = "%WinDir%\Installer\6cfc29.msi"
"URLInfoAbout" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Version" = "16973847"
"ModifyPath" = "MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"URLUpdateInfo" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Contact" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"Contact" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"HelpTelephone" = ""

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "35 F0 EE 89 2A FC CD CD AE CE 04 8E C1 C5 0B 69"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"URLUpdateInfo" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"VersionMinor" = "3"

[HKCR\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E]
"Complete" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"VersionMajor" = "1"

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"Version" = "16973847"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"Publisher" = "DealPly Technologies Ltd"
"SystemComponent" = "1"
"DisplayVersion" = "1.3.23.0"
"UninstallString" = "MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"HelpLink" = ""
"Language" = "1033"

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList]
"LastUsedSource" = "n;1;%Program Files%\DealPlyLive\Update\1.3.23.0\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"Comments" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"VersionMajor" = "1"

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"Clients" = ":"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"InstallLocation" = ""

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList\Net]
"1" = "%Program Files%\DealPlyLive\Update\1.3.23.0\"

[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]
"Assignment" = "1"

The Trojan deletes the following registry key(s):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress]

The process %original file name%.exe:1980 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\ÃËœÃÂ·ÃÂ±Ã‘â‚¬ÃÂ°ÃÂ½ÃÂ½ÃÂ¾ÃÂµ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"Fonts" = "%WinDir%\Fonts"
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ´ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Startup" = "%Documents and Settings%\%current user%\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹\ÃÂÃÂ²Ã‘â€šÃÂ¾ÃÂ·ÃÂ°ÃÂ³Ã‘â‚¬Ã‘Æ’ÃÂ·ÃÂºÃÂ°"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾Ã‘Â ÃÂ¼Ã‘Æ’ÃÂ·Ã‘â€¹ÃÂºÃÂ°"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"
"Common Startup" = "%Documents and Settings%\All Users\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹\ÃÂÃÂ²Ã‘â€šÃÂ¾ÃÂ·ÃÂ°ÃÂ³Ã‘â‚¬Ã‘Æ’ÃÂ·ÃÂºÃÂ°"
"Common Documents" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ´ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾ÃÂ¸ Ã‘â‚¬ÃÂ¸Ã‘ÂÃ‘Æ’ÃÂ½ÃÂºÃÂ¸"
"SendTo" = "%Documents and Settings%\%current user%\SendTo"
"Start Menu" = "%Documents and Settings%\%current user%\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½"
"My Music" = "%Documents and Settings%\%current user%\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ´ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾Ã‘Â ÃÂ¼Ã‘Æ’ÃÂ·Ã‘â€¹ÃÂºÃÂ°"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾ÃÂ¸ ÃÂ²ÃÂ¸ÃÂ´ÃÂµÃÂ¾ÃÂ·ÃÂ°ÃÂ¿ÃÂ¸Ã‘ÂÃÂ¸"
"CommonPictures" = "%Documents and Settings%\All Users\Ãâ€ÃÂ¾ÃÂºÃ‘Æ’ÃÂ¼ÃÂµÃÂ½Ã‘â€šÃ‘â€¹\ÃÅ“ÃÂ¾ÃÂ¸ Ã‘â‚¬ÃÂ¸Ã‘ÂÃ‘Æ’ÃÂ½ÃÂºÃÂ¸"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F7 6C 98 FE 13 8F 92 47 39 8A 86 82 3F 0D F7 62"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»"
"Programs" = "%Documents and Settings%\%current user%\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\ÃËœÃÂ·ÃÂ±Ã‘â‚¬ÃÂ°ÃÂ½ÃÂ½ÃÂ¾ÃÂµ"
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"

Network activity (URLs)

URL	IP
hxxp://dl.easy-free.ru/amonetisoft (Malicious)	95.211.162.11
hxxp://ils-front-balancer2-400693425.us-east-1.elb.amazonaws.com/download.php?version=1.1.5.26&campid=3470&instid[appname]=software&instid[appsetupurl]=&instid[cmdline]=&instid[appimageurl]=&prefix=software&instid[thankyoupage]=
hxxp://ils-front-balancer2-400693425.us-east-1.elb.amazonaws.com/index.php
hxxp://dyno3mlj15jgv.cloudfront.net/amipb.js
hxxp://ils-front-balancer2-400693425.us-east-1.elb.amazonaws.com/finalize.php
hxxp://stream.get-tune.net/mail/221656480/162844801/1385287990/0c775fc1cccdd90d/Jason_Derulo_ft._2_Chainz_-_Talk_Dirty_(get-tune.net).mp3	185.3.143.36
hxxp://s3-1.amazonaws.com/v4873/dp.exe
hxxp://d11ftuwdwpx4fl.cloudfront.net/Desktopy/desktopy_1.exe
hxxp://d11ftuwdwpx4fl.cloudfront.net/updater/Updater.exe
hxxp://www.soft365.com/hpnt/new/amt_dosearches.exe	208.43.232.118
hxxp://desktopy.ru/landing/setiecookie/	178.132.200.134
hxxp://desktopy.ru/themes/main/css/setcook.css
hxxp://desktopy.ru/themes/main/i/success_02.jpg
hxxp://desktopy.ru/themes/main/i/success_01.jpg
hxxp://desktopy.ru/themes/main/i/logo_huge.png
hxxp://desktopy.ru/themes/main/i/green_arrow.png
hxxp://chromede.com/inf/getzip?ptid=amt_dosearches&ver=3.0.2.2951&type=bnd
hxxp://chromede.com/files/zip/amt_dosearches_3.0.2.2951.bnd.zip
hxxp://chromede.com/inf/getzip?ptid=amt_dosearches&ver=3.0.2.2951&type=third
hxxp://chromede.com/files/zip/amt_dosearches_3.0.2.2951.3rd.zip
hxxp://xa.xingcloud.com/v4/sof-newgdp/VMwareXVirtualXIDEXHardXDrive_00000000000000000001?action=xa.geoip&update0=ref,amt&update1=nation,en&update2=language,en&update3=version,10.2.1.2652&update4=ref1,eGdp	65.255.35.148
hxxp://xa.xingcloud.com/v4/sof-newgdp/VMwareXVirtualXIDEXHardXDrive_00000000000000000001?action=visit&update0=ref,amt&update1=nation,en&update2=language,en&update3=version,10.2.1.2652&update4=ref1,eGdp
hxxp://a26.ms.akamai.net/msdownload/update/v3/static/trustedr/en/authrootseq.txt
hxxp://a26.ms.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab
hxxp://a26.ms.akamai.net/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt
hxxp://crl.usertrust.com/AddTrustExternalCARoot.crl	178.255.83.2
hxxp://crl.usertrust.com/UTN-USERFirst-Object.crl
hxxp://crl.usertrust.com/COMODOCodeSigningCA2.crl
cdn.cdndp.com	207.171.163.3
amon.gambling-slots.ru	54.243.61.26
cdn1.honestdownload.com	54.230.98.18
crl.comodoca.com	178.255.83.2
www.download.windowsupdate.com	23.3.90.249
www.soledownload.com	54.243.61.26
www.chromede.com	174.36.200.174
cdn3.honestdownload.com	54.230.98.178
crl.thawte.com

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):
desktopy-plugins.exe:1728
amt_dosearches.exe:1476
Updater.exe:1184
Updater.exe:888
dp.exe:2456
software__3470_il4326946.exe:972
DealPlyUpdateVer.exe:3440
Baofeng.exe:752
Baofeng.exe:2268
eGdpSvc.exe:2536
eGdpSvc.exe:2424
fileseta.exe:604
DealPlyLive.exe:2276
DealPlyLive.exe:3660
DealPlyLive.exe:2228
DealPlyLive.exe:3104
DealPlyLive.exe:3124
DealPlyLive.exe:3004
DealPlyLive.exe:3524
DealPlyLive.exe:3312
schtasks.exe:3400
schtasks.exe:3372
iexplore.exe:1412
desktopy_1.exe:1068
uninst.exe:2548
regsvr32.exe:2604
regsvr32.exe:2700
%original file name%.exe:1980
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:
%Program Files%\desktopy\uninstall.exe (47270 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Opera\Opera\widgets\widgets.dat (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Opera\Opera\widgets\desktopy.oex (992 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Opera\Opera\widgets\nszD.tmp (516 bytes)
C:\sqlite3.dll (597460 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyC.tmp\System.dll (11264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyC.tmp\Processes.dll (36669 bytes)
C:\desktopyHelper.exe (120899 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\opera.patch.txt (365 bytes)
C:\xromDesk.exe (633607 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Opera\Opera\widgets\wuid-7a532543-ed74-7a4b-be21-84042bfde73b\prefs.dat (486 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\UpDate.dll (109056 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\conf (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\1.1.7.8.crx (430850 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\eGdpSvc.exe (1771688 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\DataBase (1174544 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\amt_dosearches.json (288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\package1.zip (3666594 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\amt_dosearches.db (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\Baofeng.exe (132992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\ep.zip (55601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fullpackage_temp\package2.zip (4483456 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rfsE.tmp (1 bytes)
%Documents and Settings%\%current user%\Application Data\SwvUpdater\Updater.exe (291880 bytes)
%Documents and Settings%\%current user%\Application Data\SwvUpdater\Updater.xml (6311 bytes)
%WinDir%\Tasks\AmiUpdXp.job (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rfsF.tmp (48 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\images\icon128.png (11786 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crxls\chrome-extension_ejnmnhkgiphcaeefbaooconkceehicfi_0.localstorage (3072 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\defaults\preferences\defaults.js (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\manifest.json (710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyIE.dll (165920 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\images\icon16.png (998 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome.manifest (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyUpdate.exe (143960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\o-update\DealPlyLive.exe (718880 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\install.rdf (1036 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPly.crx (51066 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\uninst.exe (958464 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\background.js (94750 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\icon.ico (15086 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\crx\images\icon48.png (3885 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome\content\images\icon32.png (2465 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPly.xpi (4126 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyUpdateVer.exe (174136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\xpi\chrome\content\dealplyshopping.xul (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\files\DealPlyUpdateRun.exe (130744 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awh5.tmp (305132 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\amipixel.cfg (103 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awh6.tmp (463568 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awh3.tmp (3071721 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\X7VALIDZ\index[1].htm (16431 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ami2.tmp.ico (766 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awh4.tmp (250644 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\R5BRBDUV\desktop.ini (67 bytes)
D:\Jason_Derulo_ft._2_Chainz_-_Talk_Dirty_(get-tune.net).mp3 (2998641 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\R5BRBDUV\amipb[1].js (31191 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\X7VALIDZ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\awh7.tmp (1544092 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\UpDate.dll (92672 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\1.1.7.8.crx (414466 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\Baofeng.exe (116608 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Ãâ€”ÃÂ°ÃÂ¿Ã‘Æ’Ã‘ÂÃ‘â€šÃÂ¸Ã‘â€šÃ‘Å’ ÃÂ¾ÃÂ±ÃÂ¾ÃÂ·Ã‘â‚¬ÃÂµÃÂ²ÃÂ°Ã‘â€šÃÂµÃÂ»Ã‘Å’ Internet Explorer.lnk (1011 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\amt_dosearches.json (288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\conf (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\DataBase (1125392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\package1.zip (1392290 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MircosoftStudio\ep.zip (39217 bytes)
%Documents and Settings%\%current user%\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹\Internet Explorer.lnk (999 bytes)
%Documents and Settings%\All Users\Application Data\eSafe\log\eGdpSvc.LOG (670 bytes)
%Documents and Settings%\All Users\Application Data\eSafe\eGdpSvc.exe (3414168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\genteert.dll (61440 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee0C\guig.dll (20480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pause-fsa.cmd (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee0C\setup_temp.gea (10336 bytes)
%Documents and Settings%\All Users\Application Data\DealPlyLive\Update\Log\DealPlyLive.log (1104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab14.tmp (48483 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe (148000 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_lv.dll (32288 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_bg.dll (40992 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_en.dll (29216 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_nl.dll (31776 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\psuser.dll (158240 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\B69D763EB21649DA26F20618312DEE70 (128 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ja.dll (36896 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\3B6E683A7A45CC59BF035C9BA8C7AB9D (132 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\psmachine.dll (158240 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe (61984 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (241696 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (18 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ur.dll (37408 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_iw.dll (33312 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_vi.dll (33312 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_am.dll (35360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar13.tmp (146652 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_gu.dll (46112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab16.tmp (54009 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_is.dll (31264 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\1F356F4D07FE8C483E769E4586569404 (126 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_fil.dll (31776 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ml.dll (55328 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_sr.dll (39456 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe (148000 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_te.dll (48160 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_et.dll (29728 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_it.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab12.tmp (48483 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (54009 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_fr.dll (32800 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_hi.dll (46624 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_en-GB.dll (29728 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_zh-CN.dll (29216 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_th.dll (46112 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_sw.dll (31264 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdate.dll (818208 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_hr.dll (31264 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\1F356F4D07FE8C483E769E4586569404 (53259 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveHelper.msi (40960 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA (477 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\3B6E683A7A45CC59BF035C9BA8C7AB9D (494 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_cs.dll (31264 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB (341 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\B69D763EB21649DA26F20618312DEE70 (75433 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ta.dll (50208 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_de.dll (32800 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_mr.dll (46112 bytes)
%WinDir%\Tasks\DealPlyLiveUpdateTaskMachineCore.job (886 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_pl.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar15.tmp (146652 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_sk.dll (32288 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_da.dll (30752 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_fi.dll (31264 bytes)
%Program Files%\DealPlyLive\Update\DealPlyLive.exe (148000 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_kn.dll (48672 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_no.dll (31264 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_fa.dll (36384 bytes)
%WinDir%\Tasks\DealPlyLiveUpdateTaskMachineUA.job (890 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ca.dll (31776 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ar.dll (34336 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_hu.dll (32800 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_es-419.dll (30752 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ms.dll (30240 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_uk.dll (38432 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_id.dll (30240 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ko.dll (32800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar17.tmp (160255 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_el.dll (42528 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_zh-TW.dll (29216 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_pt-BR.dll (31264 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_bn.dll (46624 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ro.dll (32288 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (216 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll (38432 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (216 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_pt-PT.dll (31264 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA (116 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_tr.dll (31776 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_sv.dll (30752 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_es.dll (32800 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB (122 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_sl.dll (31264 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe (61984 bytes)
%Program Files%\DealPlyLive\Update\1.3.23.0\goopdateres_lt.dll (30752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_pt-BR.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_it.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ro.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_iw.dll (33312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveHandler.exe (148000 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_bg.dll (40992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\npGoogleUpdate3.dll (241696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sl.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_id.dll (30240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_de.dll (32800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sv.dll (30752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_lv.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_hi.dll (46624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_el.dll (42528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ko.dll (32800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_hu.dll (32800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_cs.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sr.dll (39456 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_gu.dll (46112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUT11.tmp (7520256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ms.dll (30240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fa.dll (36384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_da.dll (30752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\psuser.dll (158240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_et.dll (29728 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_bn.dll (46624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sw.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_uk.dll (38432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ru.dll (38432 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_am.dll (35360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ta.dll (50208 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_tr.dll (31776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_te.dll (48160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ml.dll (55328 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_lt.dll (30752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_no.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_en.dll (29216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\psmachine.dll (158240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_pt-PT.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ur.dll (37408 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ja.dll (36896 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_hr.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_en-GB.dll (29728 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_is.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_mr.dll (46112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_sk.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ar.dll (34336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveOnDemand.exe (61984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveBroker.exe (61984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLive.exe (148000 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_kn.dll (48672 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_vi.dll (33312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_zh-CN.dll (29216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_th.dll (46112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fr.dll (32800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_pl.dll (32288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fi.dll (31264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_nl.dll (31776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_zh-TW.dll (29216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_ca.dll (31776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\DealPlyLiveHelper.msi (40960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_fil.dll (31776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_es-419.dll (30752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdate.dll (1342496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM10.tmp\goopdateres_es.dll (32800 bytes)
%WinDir%\Tasks\DealPlyUpdate.job (288 bytes)
%Documents and Settings%\%current user%\Cookies\test@desktopy[2].txt (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XWHK1GPI\green_arrow[1].png (1017 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XWHK1GPI\logo_huge[1].png (22860 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\X7VALIDZ\setiecookie[1].htm (2624 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013111120131112\index.dat (32768 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (24576 bytes)
%Documents and Settings%\%current user%\Cookies\test@desktopy[1].txt (69 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\R5BRBDUV\setcook[1].css (859 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OEBBOQ59\success_01[1].jpg (43768 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OEBBOQ59\success_02[1].jpg (64525 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm9.tmp (399709 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XWHK1GPI\desktopy-plugins[1].exe (761152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscA.tmp\System.dll (11264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OEBBOQ59\desktopy[1].exe (827392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XWHK1GPI\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscA.tmp\inetc.dll (25600 bytes)
%Documents and Settings%\%current user%\Application Data\desktopy.ru\desktopy-plugins.exe (761152 bytes)
%Documents and Settings%\%current user%\Application Data\desktopy.ru\uninstall.exe (106170 bytes)
%Documents and Settings%\%current user%\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹\desktopy.ru\desktopy.lnk (878 bytes)
%Documents and Settings%\%current user%\Application Data\desktopy.ru\desktopy.exe (827392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OEBBOQ59\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\ÃÂ ÃÂ°ÃÂ±ÃÂ¾Ã‘â€¡ÃÂ¸ÃÂ¹ Ã‘ÂÃ‘â€šÃÂ¾ÃÂ»\desktopy.lnk (767 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscA.tmp\ShellExecAsUser.dll (7168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DealPlyUpdateVer.exe (108600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome.manifest (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\manifest.json (710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content\images\icon32.png (2465 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\defaults\preferences\defaults.js (42 bytes)
%Program Files%\DealPly\DealPly.crx (51066 bytes)
%Program Files%\DealPly\DealPlyUpdateVer.exe (108600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\logs\uninst.log (2181 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\install.rdf (1036 bytes)
%Program Files%\DealPly\uninst.exe (892928 bytes)
%Program Files%\DealPly\DealPlyIE.dll (100384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{8C365E02-5F88-4BF7-9282-1F64AE033331}\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content\dealplyshopping.xul (762 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\images\icon128.png (11786 bytes)
%Documents and Settings%\%current user%\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹\DealPly\DealPly Help.url (121 bytes)
%Program Files%\DealPly\DealPlyUpdate.exe (78424 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\background.js (94750 bytes)
%Program Files%\DealPly\icon.ico (15086 bytes)
%Program Files%\DealPly\DealPly.xpi (4126 bytes)
%Documents and Settings%\%current user%\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹\DealPly\Uninstall DealPly.lnk (527 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\images\icon16.png (998 bytes)
%Documents and Settings%\%current user%\Ãâ€œÃÂ»ÃÂ°ÃÂ²ÃÂ½ÃÂ¾ÃÂµ ÃÂ¼ÃÂµÃÂ½Ã‘Å½\ÃÅ¸Ã‘â‚¬ÃÂ¾ÃÂ³Ã‘â‚¬ÃÂ°ÃÂ¼ÃÂ¼Ã‘â€¹\DealPly\DealPly.url (117 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\images\icon48.png (3885 bytes)
%Program Files%\DealPly\DealPlyUpdateRun.exe (92704 bytes)
%System%\config\SYSTEM (53248 bytes)
%System%\config\system.LOG (10240 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT.LOG (17920 bytes)
%WinDir%\Installer\6cfc25.msi (43520 bytes)
%WinDir%\Installer\6cfc28.ipi (22228 bytes)
%WinDir%\Installer\MSI18.tmp (1587 bytes)
%WinDir%\Installer\6cfc29.msi (73239 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee85\guig.dll (20480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\software__3470_il4326946.exe (371540 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fileseta.txt (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fileseta.exe (86191 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gentee85\setup_temp.gea (4386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pause-sf.cmd (42 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"desktopy" = "%Documents and Settings%\%current user%\Application Data\desktopy.ru\desktopy.exe is_autoruned"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

Network Activity

Map

Strings from Dumps