 Post subject: musicoffaith.aavalue.com/mof/toolbar/mof-toolbar.cab
PostPosted: Thu Apr 10, 2008 1:35 am 
Site Admin
Download Link: hxxp://musicoffaith.aavalue.com/mof/too ... oolbar.cab

File Name: mof-toolbar.cab

VirusTotal Result: 12/32 (37.5%)
AntiVir 7.6.0.81 2008.04.09 DR/Toolbar.A.34
Avast 4.8.1169.0 2008.04.09 Win32:Adware-gen
BitDefender 7.2 2008.04.09 Trojan.Startpage.DLL
ClamAV 0.92.1 2008.04.09 Adware.Toolbar-32
F-Prot 4.4.2.54 2008.04.08 W32/AdwareX.BF
Fortinet 3.14.0.0 2008.04.09 Adware/SideSearch
Ikarus T3.1.1.26 2008.04.09 Trojan.StartPage.DLL
Kaspersky 7.0.0.125 2008.04.09 not-a-virus:AdTool.Win32.Toolbar.a
NOD32v2 3014 2008.04.09 Win32/Adware.SideSearch
Panda 9.0.0.4 2008.04.08 Spyware/7r7t
Prevx1 V2 2008.04.09 Generic.Malware
Webwasher-Gateway 6.6.2 2008.04.09 Trojan.Dropper.Toolbar.A.34

File Info:
File size: 267859 bytes
MD5...: 5f0fd16fb91c6153c75492f4c309f8fd
SHA1..: e1ed24bc5e8b42d53ac7a5c00ca3074c05d72ce8
SHA256: b94ce6a57317b65d3451895191c7c84f44c52d5d4bce644d15cc05ddc5f4189f
SHA512: 25f1ea47a0d1ddd461968cad20be82836125117a3a02898eb8a2a2971665211a811a29b7cf9af41047de28c0c4d4919f955b57097d24e0e7086da6654b1b11c0
PEiD..: -
PEInfo: -
Prevx info: http://info.prevx.com/aboutprogramtext. ... 00F42ECDAF

This file carries one inf and one executable inside.
File Name: mof-package.exe (MD5: C6706591D863CD1816B07A7BD0443014)
File Name: mof-install.inf (MD5: ED8521A76FFBD3116D3490EB2BDAB934)

VirusTotal Result: 15/32 (46.88%)
AntiVir 7.6.0.81 2008.04.09 DR/Toolbar.A.34
Avast 4.8.1169.0 2008.04.09 Win32:Adware-gen
BitDefender 7.2 2008.04.09 Trojan.Startpage.DLL
ClamAV 0.92.1 2008.04.09 Adware.Toolbar-32
F-Prot 4.4.2.54 2008.04.08 W32/AdwareX.BF
FileAdvisor 1 2008.04.09 Low threat detected
Fortinet 3.14.0.0 2008.04.09 Adware/SideSearch
Ikarus T3.1.1.26 2008.04.09 Trojan.StartPage.DLL
Kaspersky 7.0.0.125 2008.04.09 not-a-virus:AdTool.Win32.Toolbar.a
NOD32v2 3014 2008.04.09 Win32/Adware.SideSearch
Panda 9.0.0.4 2008.04.08 Spyware/7r7t
Prevx1 V2 2008.04.09 Generic.Malware
Sunbelt 3.0.1032.0 2008.04.08 Music of Faith
TheHacker 6.2.92.269 2008.04.09 Trojan/Downloader.VB.dht
Webwasher-Gateway 6.6.2 2008.04.09 Trojan.Dropper.Toolbar.A.34

File Info:
File Name: mof-package.exe
File size: 273112 bytes
MD5...: c6706591d863cd1816b07a7bd0443014
SHA1..: 15049c1547c25fc43ba5a7f6c4ddbbce9ccfefbc
SHA256: 2f88346d0e8967dabaf3b0d18b4ebae7ed4920ae51c9e979ce7e81ead4c62fca
SHA512: d206b23f081d0bc14d5f22aea368fcf5301f863449df0a121b99b40412023f976bac1cb4d70d6644d38426869fa4e4dc656e42b134ed75962cb28d11a2fb68c0

PE Header
Signature: 00004550
Machine: 014C - Intel 386
Number of sections: 0005
Time/Date stamp: 423C2FEA
Pointer to symbol table: 00000000
Number of symbols: 00000000
Size of optional header: 00E0
Characteristics: 010F
Magic: 010B
Linker version (major): 06
Linker version (minor): 00
Size of code: 00005C00
Size of initialized data: 00028600
Size of uninitialized data: 00000400
Address of entry point: 0000402D
Base of code: 00001000
Base of data: 00007000
Image base: 00400000
Section alignment: 00001000
File alignment: 00000200
OS version (major): 0004
OS version (minor): 0000
Image version (major): 0000
Image version (minor): 0000
Sub system version (major): 0004
Sub system version (minor): 0000
Win32 version: 00000000
Size of image: 00039000
Size of headers: 00000400
Checksum: 00000000
Sub system: 0002 - Windows graphical user interface (GUI) subsystem
DLL characteristics: 0000
Size of stack reserve: 00100000
Size of stack commit: 00001000
Size of heap reserve: 00100000
Size of heap commit: 00001000
Loader flags: 00000000
Number of RVA: 00000010
Base Data:
Entry Point Address.: 0x40402d
Time Date Stamp.....: 0x423c2fea (Sat Mar 19 13:58:02 2005)
Machine Type.......: 0x14c (I386)

PE Sections
Section VirtSize VirtAddr PhysSize PhysAddr Flags
.text 00005B32 00001000 00005C00 00000400 60000020
.rdata 000011C0 00007000 00001200 00006000 40000040
.data 000260D4 00009000 00000400 00007200 C0000040
.ndata 00008000 00030000 00000000 00000000 C0000080
.rsrc 00001000 00038000 00000800 00007600 40000040

Import table (libraries: 8)
COMCTL32.dll (imports: 4)
#17
ImageList_AddMasked
ImageList_Destroy
ImageList_Create
KERNEL32.dll (imports: 62)
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GlobalFree
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
ReadFile
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
GetCommandLineA
USER32.dll (imports: 60)
ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PeekMessageA
GDI32.dll (imports: 8)
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SetBkColor
SelectObject
ADVAPI32.dll (imports: 9)
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegEnumKeyA
SHELL32.dll (imports: 6)
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA
ole32.dll (imports: 3)
OleInitialize
OleUninitialize
CoCreateInstance
VERSION.dll (imports: 3)
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

When executed, it opens the URL:
hxxp://musicoffaith.aavalue.com/include ... erid=15144

This URL displays the following message:
Congratulations! You have successfully installed the MusicOfFaith Toolbar!

It installs the Music Of Faith toolbar in the browser.

File Activity:

Popup Window:
Process Window Name Window Text
explorer.exe Windows Internet Explorer
csrss.exe End Program - Windows Internet Explorer This program is not responding. To return to Windows and check the status of the program, click Cancel. If you choose to end the program immediately, you will lose any unsaved data. To end the program now, click End Now. &End Now Cancel
csrss.exe End Program - Windows Internet Explorer This program is not responding. To return to Windows and check the status of the program, click Cancel. If you choose to end the program immediately, you will lose any unsaved data. To end the program now, click End Now. &End Now Cancel

Network Activity:
TCP Scans:
27 IPs on Port 445
83.205.0.0/16

Process Info:
Filename: mof-toolbar.exe
MD5: e4f1fdaab5c3fff460611a27b8ab3080
SHA-1: 15e3eb6772e9753d4cd13ba753a76857672c0660
File Size: 257366 Bytes
Command Line: C:\DOCUME~1\user\LOCALS~1\Temp\mof-toolbar.exe
MD5: c6706591d863cd1816b07a7bd0443014
SHA-1: 15049c1547c25fc43ba5a7f6c4ddbbce9ccfefbc
File Size: 273112 Bytes
Command Line: C:\sample.exe

Registry Reads:
Key Name Value Times
HKLM\Software\Microsoft\Windows\CurrentVersion ProgramFilesDir C:\Program Files 2
HKLM\SOFTWARE\CLASSES\.DLL dllfile 1
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32 "C:\Program Files\Internet Explorer\IEXPLORE.EXE" 2
HKLM\SOFTWARE\CLASSES\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}\INPROCSERVER32 %SystemRoot%\system32\msxml3.dll 1
HKLM\SOFTWARE\CLASSES\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}\INPROCSERVER32 ThreadingModel Both 1
HKLM\Software\Microsoft\COM3 Com+Enabled 1 2
HKLM\Software\Microsoft\COM3 REGDBVersion 0x0f00000000000000 6
HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName ComputerName USER 2
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar firstURL http://musicoffaith.aavalue.com/bundles/initialize.html 2

Registry Monitored:
HKLM\Software\Classes 1 Key Change,Value Change 4
HKLM\Software\Classes\CLSID 1 Key Change,Value Change 2
HKLM\Software\Microsoft\COM3 1 Key Change,Value Change 6
HKU 1 Key Change,Value Change 4

Registry Values Created:
HKLM\Software\Classes\XBTB00501.IEToolbar.1
HKLM\Software\Classes\XBTB00501.IEToolbar.1\CLSID
HKLM\Software\Classes\XBTB00501.IEToolbar
HKLM\Software\Classes\XBTB00501.IEToolbar\CLSID
HKLM\Software\Classes\XBTB00501.IEToolbar\CurVer
HKLM\Software\Classes\CLSID\{FC0F30CD-E949-4148-884E-DC0F3D32EA46}
HKLM\Software\Classes\CLSID\{FC0F30CD-E949-4148-884E-DC0F3D32EA46}\ProgID
HKLM\Software\Classes\CLSID\{FC0F30CD-E949-4148-884E-DC0F3D32EA46}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{FC0F30CD-E949-4148-884E-DC0F3D32EA46}\Programmable
HKLM\Software\Classes\CLSID\{FC0F30CD-E949-4148-884E-DC0F3D32EA46}\InprocServer32
HKLM\Software\Classes\CLSID\{FC0F30CD-E949-4148-884E-DC0F3D32EA46}\TypeLib
HKLM\Software\Classes\CLSID\{FC0F30CD-E949-4148-884E-DC0F3D32EA46}\Implemented Categories
HKLM\Software\Classes\CLSID\{FC0F30CD-E949-4148-884E-DC0F3D32EA46}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKLM\Software\Classes\CLSID\{FC0F30CD-E949-4148-884E-DC0F3D32EA46}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKLM\Software\Classes\ToolBand.XBTB00501.1
HKLM\Software\Classes\ToolBand.XBTB00501.1\CLSID
HKLM\Software\Classes\ToolBand.XBTB00501
HKLM\Software\Classes\ToolBand.XBTB00501\CLSID
HKLM\Software\Classes\ToolBand.XBTB00501\CurVer
HKLM\Software\Classes\CLSID\{CFC21563-BD46-4946-A49E-7AF6DEF17386}
HKLM\Software\Classes\CLSID\{CFC21563-BD46-4946-A49E-7AF6DEF17386}\ProgID
HKLM\Software\Classes\CLSID\{CFC21563-BD46-4946-A49E-7AF6DEF17386}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{CFC21563-BD46-4946-A49E-7AF6DEF17386}\Programmable
HKLM\Software\Classes\CLSID\{CFC21563-BD46-4946-A49E-7AF6DEF17386}\InprocServer32
HKLM\Software\Classes\CLSID\{CFC21563-BD46-4946-A49E-7AF6DEF17386}\TypeLib
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CFC21563-BD46-4946-A49E-7AF6DEF17386}
HKLM\Software\Classes\TypeLib\{15BE9491-A776-42BD-BFC6-8F5978D83B9A}
HKLM\Software\Classes\TypeLib\{15BE9491-A776-42BD-BFC6-8F5978D83B9A}\1.0
HKLM\Software\Classes\TypeLib\{15BE9491-A776-42BD-BFC6-8F5978D83B9A}\1.0\FLAGS
HKLM\Software\Classes\TypeLib\{15BE9491-A776-42BD-BFC6-8F5978D83B9A}\1.0\0
HKLM\Software\Classes\TypeLib\{15BE9491-A776-42BD-BFC6-8F5978D83B9A}\1.0\0\win32
HKLM\Software\Classes\TypeLib\{15BE9491-A776-42BD-BFC6-8F5978D83B9A}\1.0\HELPDIR
HKLM\Software\Classes\Interface\{F9BBC79A-077B-415B-82CE-15D1B8D7E93C}
HKLM\Software\Classes\Interface\{F9BBC79A-077B-415B-82CE-15D1B8D7E93C}\ProxyStubClsid
HKLM\Software\Classes\Interface\{F9BBC79A-077B-415B-82CE-15D1B8D7E93C}\ProxyStubClsid32
HKLM\Software\Classes\Interface\{F9BBC79A-077B-415B-82CE-15D1B8D7E93C}\TypeLib
HKLM\Software\Classes\Interface\{745C62AE-7EB0-44C3-BA35-BA1808AB431B}
HKLM\Software\Classes\Interface\{745C62AE-7EB0-44C3-BA35-BA1808AB431B}\ProxyStubClsid
HKLM\Software\Classes\Interface\{745C62AE-7EB0-44C3-BA35-BA1808AB431B}\ProxyStubClsid32
HKLM\Software\Classes\Interface\{745C62AE-7EB0-44C3-BA35-BA1808AB431B}\TypeLib
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar
HKLM\Software\Classes\XBTB00501.XBTB00501.1
HKLM\Software\Classes\XBTB00501.XBTB00501.1\CLSID
HKLM\Software\Classes\XBTB00501.XBTB00501
HKLM\Software\Classes\XBTB00501.XBTB00501\CLSID
HKLM\Software\Classes\XBTB00501.XBTB00501\CurVer
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Maxthon
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\XBTB00501.XBTB00501Toolbar

Registry Values Modified:
HKLM\SOFTWARE\CLASSES\CLSID\{CFC21563-BD46-4946-A49E-7AF6DEF17386} XBTB00501 Class
HKLM\SOFTWARE\CLASSES\CLSID\{CFC21563-BD46-4946-A49E-7AF6DEF17386}\INPROCSERVER32 C:\PROGRA~1\MUSICO~1\Toolbar\MOF-TO~1.DLL
HKLM\SOFTWARE\CLASSES\CLSID\{CFC21563-BD46-4946-A49E-7AF6DEF17386}\INPROCSERVER32 ThreadingModel Apartment
HKLM\SOFTWARE\CLASSES\CLSID\{CFC21563-BD46-4946-A49E-7AF6DEF17386}\PROGID ToolBand.XBTB00501.1
HKLM\SOFTWARE\CLASSES\CLSID\{CFC21563-BD46-4946-A49E-7AF6DEF17386}\TYPELIB {15BE9491-A776-42bd-BFC6-8F5978D83B9A}
HKLM\SOFTWARE\CLASSES\CLSID\{CFC21563-BD46-4946-A49E-7AF6DEF17386}\VERSIONINDEPENDENTPROGID ToolBand.XBTB00501
HKLM\SOFTWARE\CLASSES\CLSID\{FC0F30CD-E949-4148-884E-DC0F3D32EA46} IE Toolbar
HKLM\SOFTWARE\CLASSES\CLSID\{FC0F30CD-E949-4148-884E-DC0F3D32EA46}\INPROCSERVER32 C:\PROGRA~1\MUSICO~1\Toolbar\MOF-TO~1.DLL
HKLM\SOFTWARE\CLASSES\CLSID\{FC0F30CD-E949-4148-884E-DC0F3D32EA46}\INPROCSERVER32 ThreadingModel Apartment
HKLM\SOFTWARE\CLASSES\CLSID\{FC0F30CD-E949-4148-884E-DC0F3D32EA46}\PROGID XBTB00501.IEToolbar.1
HKLM\SOFTWARE\CLASSES\CLSID\{FC0F30CD-E949-4148-884E-DC0F3D32EA46}\TYPELIB {15BE9491-A776-42bd-BFC6-8F5978D83B9A}
HKLM\SOFTWARE\CLASSES\CLSID\{FC0F30CD-E949-4148-884E-DC0F3D32EA46}\VERSIONINDEPENDENTPROGID XBTB00501.IEToolbar
HKLM\SOFTWARE\CLASSES\INTERFACE\{745C62AE-7EB0-44C3-BA35-BA1808AB431B} IToolHelper
HKLM\SOFTWARE\CLASSES\INTERFACE\{745C62AE-7EB0-44C3-BA35-BA1808AB431B}\PROXYSTUBCLSID {00020424-0000-0000-C000-000000000046}
HKLM\SOFTWARE\CLASSES\INTERFACE\{745C62AE-7EB0-44C3-BA35-BA1808AB431B}\PROXYSTUBCLSID32 {00020424-0000-0000-C000-000000000046}
HKLM\SOFTWARE\CLASSES\INTERFACE\{745C62AE-7EB0-44C3-BA35-BA1808AB431B}\TYPELIB {15BE9491-A776-42BD-BFC6-8F5978D83B9A}
HKLM\SOFTWARE\CLASSES\INTERFACE\{745C62AE-7EB0-44C3-BA35-BA1808AB431B}\TYPELIB Version 1.0
HKLM\SOFTWARE\CLASSES\INTERFACE\{F9BBC79A-077B-415B-82CE-15D1B8D7E93C} ISoftomateObj
HKLM\SOFTWARE\CLASSES\INTERFACE\{F9BBC79A-077B-415B-82CE-15D1B8D7E93C}\PROXYSTUBCLSID {00020424-0000-0000-C000-000000000046}
HKLM\SOFTWARE\CLASSES\INTERFACE\{F9BBC79A-077B-415B-82CE-15D1B8D7E93C}\PROXYSTUBCLSID32 {00020424-0000-0000-C000-000000000046}
HKLM\SOFTWARE\CLASSES\INTERFACE\{F9BBC79A-077B-415B-82CE-15D1B8D7E93C}\TYPELIB {15BE9491-A776-42BD-BFC6-8F5978D83B9A}
HKLM\SOFTWARE\CLASSES\INTERFACE\{F9BBC79A-077B-415B-82CE-15D1B8D7E93C}\TYPELIB Version 1.0
HKLM\SOFTWARE\CLASSES\TOOLBAND.XBTB00501 XBTB00501 Class
HKLM\SOFTWARE\CLASSES\TOOLBAND.XBTB00501.1 XBTB00501 Class
HKLM\SOFTWARE\CLASSES\TOOLBAND.XBTB00501.1\CLSID {CFC21563-BD46-4946-A49E-7AF6DEF17386}
HKLM\SOFTWARE\CLASSES\TOOLBAND.XBTB00501\CLSID {CFC21563-BD46-4946-A49E-7AF6DEF17386}
HKLM\SOFTWARE\CLASSES\TOOLBAND.XBTB00501\CURVER ToolBand.XBTB00501.1
HKLM\SOFTWARE\CLASSES\TYPELIB\{15BE9491-A776-42BD-BFC6-8F5978D83B9A}\1.0 Softomate 1.0 Type Library
HKLM\SOFTWARE\CLASSES\TYPELIB\{15BE9491-A776-42BD-BFC6-8F5978D83B9A}\1.0\0\WIN32 C:\Program Files\MusicOfFaith\Toolbar\mof-toolbar.dll
HKLM\SOFTWARE\CLASSES\TYPELIB\{15BE9491-A776-42BD-BFC6-8F5978D83B9A}\1.0\FLAGS 0
HKLM\SOFTWARE\CLASSES\TYPELIB\{15BE9491-A776-42BD-BFC6-8F5978D83B9A}\1.0\HELPDIR C:\Program Files\MusicOfFaith\Toolbar\
HKLM\SOFTWARE\CLASSES\XBTB00501.IETOOLBAR IE Toolbar
HKLM\SOFTWARE\CLASSES\XBTB00501.IETOOLBAR.1 IE Toolbar
HKLM\SOFTWARE\CLASSES\XBTB00501.IETOOLBAR.1\CLSID {FC0F30CD-E949-4148-884E-DC0F3D32EA46}
HKLM\SOFTWARE\CLASSES\XBTB00501.IETOOLBAR\CLSID {FC0F30CD-E949-4148-884E-DC0F3D32EA46}
HKLM\SOFTWARE\CLASSES\XBTB00501.IETOOLBAR\CURVER XBTB00501.IEToolbar.1
HKLM\SOFTWARE\CLASSES\XBTB00501.XBTB00501 Music of Faith Toolbar
HKLM\SOFTWARE\CLASSES\XBTB00501.XBTB00501.1 Music of Faith Toolbar
HKLM\SOFTWARE\CLASSES\XBTB00501.XBTB00501.1\CLSID {FC0F30CD-E949-4148-884E-DC0F3D32EA46}
HKLM\SOFTWARE\CLASSES\XBTB00501.XBTB00501\CLSID {FC0F30CD-E949-4148-884E-DC0F3D32EA46}
HKLM\SOFTWARE\CLASSES\XBTB00501.XBTB00501\CURVER XBTB00501.XBTB00501.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CFC21563-BD46-4946-A49E-7AF6DEF17386} XBTB00501
HKLM\Software\Microsoft\Internet Explorer\Toolbar {FC0F30CD-E949-4148-884E-DC0F3D32EA46} 0x00
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\XBTB00501.XBTB00501Toolbar DisplayName Music of Faith Toolbar
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\XBTB00501.XBTB00501Toolbar UninstallString regsvr32 /u /s "C:\Program Files\MusicOfFaith\Toolbar\mof-toolbar.dll"
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN iexplore.exe 0
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar AlertMsg Alert
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar AutoComplete 0
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar DescriptiveText 1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar ErrorMsg Error
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar KeepHistory 0
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar OpenNew 0
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar PopStop Music of Faith Toolbar has blocked a Pop-up window
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar RunSearchAutomatically 0
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar RunSearchDragAutomatically 0
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar ShowFindButtons 0
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar ShowHighlightButton 0
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar UpdateAutomatically 0
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar autoUpdateMsg New version ofMusic of Faith Toolbar is available. Would you like to download and install new version?
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar closeAllWindowsForUpdate All running IE Windows will be closed before updating the Music of Faith Toolbar. Continue?
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar connectionError Can't establish a connection.
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar contextMenuItemName Music of Faith Toolbar search
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar contextSearch http://search.musicoffaith.com/search.html?toolbar=%toolbar_id&keywords=%selection
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar corruptedMsg One of the XML files is corrupted or invalid. Press OK to uninstall.
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar firstTime 1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar firstUrl http://musicoffaith.aavalue.com/bundles/initialize.html
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar lastVersionMsg You have the latest version of the Music of Faith Toolbar.
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar serverpath
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar toolbar_id {A9975454-A65A-4715-9597-0A3F42959860}
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar toolbar_version <TOOLBAR name="Music of Faith Toolbar" version="1.0"/>
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar uninstallMsg This will remove the Music of Faith Toolbar from your computer! Are you sure?
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar updateMsg This will try to update the Music of Faith Toolbar from the server. Continue?
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar updateUrl
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar urlAfterUninstall http://musicoffaith.aavalue.com/mof/too ... oolbar_id=%toolbar_id
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar urlAfterUpdate
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\software\XBTB00501\Toolbar versionError Can not find current version information.

Mutex:
CTF.TimListCache.FMPDefaultS-1-5-21-1229272821-1004336348-527237240-1003MUTEX.DefaultS-1-5-21-1229272821-1004336348-527237240-1003

Files Deleted:
C:\DOCUME~1\user\LOCALS~1\Temp\nsr1.tmp
C:\DOCUME~1\user\LOCALS~1\Temp\nsp2.tmp

Files Created:
C:\DOCUME~1\user\LOCALS~1\Temp\mof-toolbar.exe
C:\Program Files\MusicOfFaith\Toolbar\basis.xml
C:\Program Files\MusicOfFaith\Toolbar\icons.bmp
C:\Program Files\MusicOfFaith\Toolbar\mof-toolbar.crc
C:\Program Files\MusicOfFaith\Toolbar\mof-toolbar.dll
C:\Program Files\MusicOfFaith\Toolbar\mof.bmp
C:\Program Files\MusicOfFaith\Toolbar\search.bmp
C:\Program Files\MusicOfFaith\Toolbar\tb_settings.xml
C:\Program Files\MusicOfFaith\Toolbar\version.txt

Files Read:
C:\DOCUME~1\user\LOCALS~1\Temp\mof-toolbar.exe
C:\DOCUME~1\user\LOCALS~1\Temp\nsu3.tmp

Files Modified:
C:\DOCUME~1\user\LOCALS~1\Temp\nsu3.tmp
C:\Program Files\MusicOfFaith\Toolbar\mof-toolbar.dll

Folder Created:
C:\Program Files\MusicOfFaith
C:\Program Files\MusicOfFaith\Toolbar

Memory Mapped Files:
File Name
C:\WINDOWS\system32\rpcss.dll

Process Created:
C:\DOCUME~1\user\LOCALS~1\Temp\mof-toolbar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE -nohome hxxp://musicoffaith.aavalue.com/include ... erid=15144
C:\WINDOWS\system32\regsvr32 /s "C:\Program Files\MusicOfFaith\Toolbar\mof-toolbar.dll"

Process Started:
Filename: IEXPLORE.EXE
MD5: 3ac2bc667da0af2c968e96e1630f5ab5
SHA-1: 7d1750c0cca742be4b00bfc08bfbc044e339f72c
File Size: 625152 Bytes
Command Line: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome http://musicoffaith.aavalue.com/include ... erid=15144

Registry Values Created:
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
HKU\S-1-5-21-1229272821-1004336348-527237240-1003_CLASSES\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}
HKU\S-1-5-21-1229272821-1004336348-527237240-1003_CLASSES\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}
HKU\ S-1-5-21-1229272821-1004336348-527237240-1003\Software\Classes\CLSID\ {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32

Registry Values Created:
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\SOFTWARE\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\SOFTWARE\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\SOFTWARE\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\SOFTWARE\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}

_________________
.:: MaliciousBrains ::.
http://www.malwareinfo.org

There are no patches or service packs for IGNORANCE!!

