PUA.Win32.YahooToolbar.A

March 26, 2021

Analysis by: Maria Emreen Viray

PLATFORM:

Windows

OVERALL RISK RATING:

DAMAGE POTENTIAL:

DISTRIBUTION POTENTIAL:

REPORTED INFECTION:

INFORMATION EXPOSURE:

Threat Type: Potentially Unwanted Application
Destructiveness: No
Encrypted:
In the wild: Yes

OVERVIEW

This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

TECHNICAL DETAILS

File Size:

3,518,422 bytes

File Type:

EXE

Memory Resident:

Initial Samples Received Date:

13 Nov 2020

Arrival Details

This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

This Potentially Unwanted Application drops the following files:

%Application Data%\Microsoft\Windows\Cookies\{Username}@yahoo[1].txt → deleted afterwards
%User Temp%\nst{4 Random Alphanumeric Characters}.tmp\nst{4 Random Alphanumeric Characters}.tmp.htm → deleted afterwards
%User Temp%\nst{4 Random Alphanumeric Characters}.tmp\finish.ini → deleted afterwards
%User Temp%\nst{4 Random Alphanumeric Characters}.tmp\InetLoad.dll → deleted afterwards
%User Temp%\nst{4 Random Alphanumeric Characters}.tmp\nso565C.tmp.htm → deleted afterwards
%User Temp%\nst{4 Random Alphanumeric Characters}.tmp\nsy5CB5.tmp → deleted afterwards
%User Temp%\nst{4 Random Alphanumeric Characters}.tmp\privacy.ini → deleted afterwards
%User Temp%\nst{4 Random Alphanumeric Characters}.tmp\System.dll → deleted afterwards
%User Temp%\nst{4 Random Alphanumeric Characters}.tmp\toolbar.bmp → deleted afterwards
%User Temp%\nst{4 Random Alphanumeric Characters}.tmp\welcome.ini → deleted afterwards
%User Temp%\nsn{4 Random Alphanumeric Characters}.tmp\InstallOptions.dll → deleted afterwards
%User Temp%\nsn{4 Random Alphanumeric Characters}.tmp\ioSpecial.ini → deleted afterwards
%User Temp%\nsn{4 Random Alphanumeric Characters}.tmp\LangDLL.dll → deleted afterwards
%User Temp%\nsn{4 Random Alphanumeric Characters}.tmp\modern-wizard.bmp → deleted afterwards
%User Temp%\nsn{4 Random Alphanumeric Characters}.tmp\StartMenu.dll → deleted afterwards
%Application Data%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol → deleted afterwards
%Application Data%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#local\settings.sol → deleted afterwards
%Program Files%\FLV Player\Yahoo Toolbar Installer.exe → deleted afterwards
%Common Programs%\FLV Player\FLV Player.lnk
%Desktop%\FLV Player.lnk
%Program Files%\FLV Player\FLVPlayer.exe
%Program Files%\Yahoo!\Common\unyt.exe
%Program Files%\Yahoo!\Companion\Installs\cpn\yt.dll
%Program Files%\Yahoo!\Companion\Installs\cpn\pubmod.dll
%Program Files%\Yahoo!\Companion\Installs\cpn\YMERemote.dll
%Program Files%\Yahoo!\Companion\Installs\cpn\YPUBC.dll
%Program Files%\Yahoo!\Companion\Installs\cpn\YTMsgr.dll
%Program Files%\Yahoo!\Companion\Installs\cpn\YTabBar.dll
%Program Files%\Yahoo!\Companion\Installs\cpn\YTBM.dll
%Program Files%\Yahoo!\Companion\Installs\cpn\inyt.exe
%Program Files%\Yahoo!\Companion\Installs\cpn\inyt.exe.manifest
%Program Files%\Yahoo!\Companion\Installs\cpn\YTAntiSpy.dll
%Program Files%\Yahoo!\Companion\Data\dlg_atb.html
%Program Files%\Yahoo!\Companion\Data\dlg_catb.html
%Program Files%\Yahoo!\Companion\Data\dlg_cnf.html
%Program Files%\Yahoo!\Companion\Data\dlg_cotb.html
%Program Files%\Yahoo!\Companion\Data\dlg_ctb.html
%Program Files%\Yahoo!\Companion\Data\dlg_fantip.html
%Program Files%\Yahoo!\Companion\Data\dlg_fantipg.html
%Program Files%\Yahoo!\Companion\Data\dlg_fintip.html
%Program Files%\Yahoo!\Companion\Data\dlg_fintipg.html
%Program Files%\Yahoo!\Companion\Data\dlg_grptip.html
%Program Files%\Yahoo!\Companion\Data\dlg_grptipg.html
%Program Files%\Yahoo!\Companion\Data\dlg_logtip.html
%Program Files%\Yahoo!\Companion\Data\dlg_mailatip.html
%Program Files%\Yahoo!\Companion\Data\dlg_mailtip.html
%Program Files%\Yahoo!\Companion\Data\dlg_map.html
%Program Files%\Yahoo!\Companion\Data\dlg_mlbtip.html
%Program Files%\Yahoo!\Companion\Data\dlg_mlbtipg.html
%Program Files%\Yahoo!\Companion\Data\dlg_msgratip.html
%Program Files%\Yahoo!\Companion\Data\dlg_msgrtip.html
%Program Files%\Yahoo!\Companion\Data\dlg_nbatip.html
%Program Files%\Yahoo!\Companion\Data\dlg_nbatipg.html
%Program Files%\Yahoo!\Companion\Data\dlg_newstip.html
%Program Files%\Yahoo!\Companion\Data\dlg_newstipg.html
%Program Files%\Yahoo!\Companion\Data\dlg_nfltip.html
%Program Files%\Yahoo!\Companion\Data\dlg_nfltipg.html
%Program Files%\Yahoo!\Companion\Data\dlg_opt.html
%Program Files%\Yahoo!\Companion\Data\dlg_pub.html
%Program Files%\Yahoo!\Companion\Data\dlg_srchtip.html
%Program Files%\Yahoo!\Companion\Data\dlg_upg.html
%Program Files%\Yahoo!\Companion\Data\dlg_wp.html
%Program Files%\FLV Player\FLV Player.url
%Common Programs%\FLV Player\FLV Player website.lnk
%Common Programs%\FLV Player\Uninstall.lnk
%Program Files%\FLV Player\uninst.exe
%User Temp%\mProjector957005698\mPlayer.3.1.1e.dll
%User Temp%\mProjector957005698\System.3.1.1e.mfx
%User Temp%\mProjector957005698\Flash6MovieV2.3.1.1e.mvx
%User Temp%\mProjector957005698\FlashPlayer.3.1.1e.ocx
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\LICENSE.txt
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\install.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\install.rdf
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF\manifest.mf
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF\zigbert.rsa
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF\zigbert.sf
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome\ytoolbar.jar
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooDomBuilder.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooDomBuilder.xpt
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedNode.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedNode.xpt
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedProcessor.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedProcessor.xpt
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences\yahoo.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\yahooToolbarSettings

It adds the following processes:

"Yahoo Toolbar Installer.exe" /S /ypc=flv /ysc=flv /ydc=flv /ysetsearch /yfrc=flv /yinstytff
"%Program Files%\FLV Player\FLVPlayer.exe"

(Note: %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000(32-bit), Server 2003(32-bit), XP, Vista(64-bit), 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit) , or C:\Program Files (x86) in Windows XP(64-bit), Vista(64-bit), 7(64-bit), 8(64-bit), 8.1(64-bit), 2008(64-bit), 2012(64-bit) and 10(64-bit).)

Other System Modifications

This Potentially Unwanted Application adds the following registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FLV Player
NSIS:StartMenuDir = FLV Player

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.flv
(Default) = Flash.VideoFile

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Flash.VideoFile\shell\open\
command
(Default) = "%Program Files%\FLV Player\FLVPlayer.exe" "%1"

HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo
ntatest = 1

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion\
Opt
rs = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Yahoo.AntiSpyPlugin.6
(Default) = AntiSpyPlugin Clas

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Yahoo.AntiSpyPlugin.6\CLSID
(Default) = {B7A0E898-93E5-43f4-B99A-6C70B303699C}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Yahoo.AntiSpyPlugin
(Default) = AntiSpyPlugin Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Yahoo.AntiSpyPlugin\CurVer
(Default) = Yahoo.AntiSpyPlugin.6

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}
(Default) = AntiSpyPlugin Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}\ProgID
(Default) = Yahoo.AntiSpyPlugin.6

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}\VersionIndependentProgID
(Default) = Yahoo.AntiSpyPlugin

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}\InprocServer32
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\YTAntiSpy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}\InprocServer32
ThreadingModel = Apartment

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}\1.0
(Default) = YTAntiSpy 1.0 Type Library

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}\1.0\
FLAGS
(Default) = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}\1.0\
0\win32
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\YTAntiSpy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}\1.0\
HELPDIR
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
(Default) = IYTASButton

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}\ProxyStubClsid
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}\ProxyStubClsid32
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}\TypeLib
(Default) = {AD34BE7D-2603-43DD-8D1F-E4431D42C44E}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}\TypeLib
Version = 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
(Default) = IYToolbarPlugin

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}\ProxyStubClsid
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}\ProxyStubClsid32
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}\TypeLib
(Default) = {AD34BE7D-2603-43DD-8D1F-E4431D42C44E}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}\TypeLib
Version = 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
(Default) = IYToolbarPlugin2

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}\ProxyStubClsid
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}\ProxyStubClsid32
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}\TypeLib
(Default) = {AD34BE7D-2603-43DD-8D1F-E4431D42C44E}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}\TypeLib
Version = 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
(Default) = IYNonRenderingPlugin

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}\ProxyStubClsid
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}\ProxyStubClsid32
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}\TypeLib
(Default) = {AD34BE7D-2603-43DD-8D1F-E4431D42C44E}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}\TypeLib
Version = 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
(Default) = yt

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\yt.DLL
AppID = {1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
yt.YToolbarBand.1
(Default) = Yahoo! Toolbar

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
yt.YToolbarBand.1\CLSID
(Default) = {EF99BD32-C1FB-11D2-892F-0090271D4F88}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
yt.YToolbarBand
(Default) = Yahoo! Toolbar

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
yt.YToolbarBand\CLSID
(Default) = {EF99BD32-C1FB-11D2-892F-0090271D4F88}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
yt.YToolbarBand\CurVer
(Default) = yt.YToolbarBand.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
(Default) = Yahoo! Toolbar

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ProgID
(Default) = yt.YToolbarBand.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\VersionIndependentProgID
(Default) = yt.YToolbarBand

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\yt.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32
ThreadingModel = Apartment

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
AppID = {1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\TypeLib
(Default) = {003028C2-EA1C-4676-A316-B5CB50917002}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\Version
(Default) = 6.3.0.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\MiscStatus
(Default) = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\MiscStatus\
1
(Default) = 132497

HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\URLSearchHooks
{EF99BD32-C1FB-11D2-892F-0090271D4F88} =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Toolbar
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = 00

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Yahoo! Toolbar
DisplayName = Yahoo! Toolbar

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
yt.YTHelper.2
(Default) = &Yahoo! Toolbar Helper

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
yt.YTHelper.2\CLSID
(Default) = {02478D38-C3F9-4efb-9B51-7695ECA05670}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
yt.YTHelper
(Default) = &Yahoo! Toolbar Helper

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
yt.YTHelper\CLSID
(Default) = {02478D38-C3F9-4efb-9B51-7695ECA05670}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
yt.YTHelper\CurVer
(Default) = yt.YTHelper.2

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}
(Default) = &Yahoo! Toolbar Helper

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ProgID
(Default) = yt.YTHelper.2

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\VersionIndependentProgID
(Default) = yt.YTHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\TypeLib
(Default) = {003028C2-EA1C-4676-A316-B5CB50917002}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\Version
(Default) = 6.3.0.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\InprocServer32
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\yt.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\InprocServer32
ThreadingModel = Apartment

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\MiscStatus
(Default) = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\MiscStatus\
1
(Default) = 131473

HKEY_CURRENT_USER\Software\Yahoo\
Companion
ii = 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\NoExplorer
(Default) = 1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}\5.0
(Default) = yt 1.0 Type Library

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}\5.0\
FLAGS
(Default) = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}\5.0\
0\win32
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\yt.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}\5.0\
HELPDIR
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
(Default) = IYToolbarBand2

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}\ProxyStubClsid
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}\ProxyStubClsid32
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}\TypeLib
(Default) = {003028C2-EA1C-4676-A316-B5CB50917002}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}\TypeLib
Version = 5.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
(Default) = IYToolbarBand

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}\ProxyStubClsid
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}\ProxyStubClsid32
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}\TypeLib
(Default) = {003028C2-EA1C-4676-A316-B5CB50917002}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}\TypeLib
Version = 5.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
(Default) = IYTHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}\ProxyStubClsid
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}\ProxyStubClsid32
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}\TypeLib
(Default) = {003028C2-EA1C-4676-A316-B5CB50917002}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}\TypeLib
Version = 5.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
(Default) = IYTBCustomizer

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}\ProxyStubClsid
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}\ProxyStubClsid32
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}\TypeLib
(Default) = {003028C2-EA1C-4676-A316-B5CB50917002}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}\TypeLib
Version = 5.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
(Default) = IYBookmarkCustomizer

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}\ProxyStubClsid
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}\ProxyStubClsid32
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}\TypeLib
(Default) = {003028C2-EA1C-4676-A316-B5CB50917002}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}\TypeLib
Version = 5.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Toolbar
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = 00

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion
resfeed = 1

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion
asy = 0

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion
ask = 1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Yahoo.PopupBlockerPlugin.4
(Default) = PopupBlocker Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Yahoo.PopupBlockerPlugin.4\CLSID
(Default) = {1147DC83-6208-4dca-8E88-DD45BAAB3043}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Yahoo.PopupBlockerPlugin
(Default) = PopupBlocker Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Yahoo.PopupBlockerPlugin\CurVer
(Default) = Yahoo.PopupBlockerPlugin.4

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}
(Default) = PopupBlocker Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}\ProgID
(Default) = Yahoo.PopupBlockerPlugin.4

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}\VersionIndependentProgID
(Default) = Yahoo.PopupBlockerPlugin

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}\InprocServer32
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\pubmod.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}\InprocServer32
ThreadingModel = Apartment

HKEY_CURRENT_USER\Software\Yahoo\
Companion\pubmod
c = 1

HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Main
Error Dlg Displayed On Every Error = no

HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Main
Disable Script Debugger = yes

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}\4.0
(Default) = Yahoo! Companion PopupBlocker Plugin 1.0 Type Library

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}\4.0\
FLAGS
(Default) = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}\4.0\
0\win32
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\pubmod.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}\4.0\
HELPDIR
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}\TypeLib
(Default) = {4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}\TypeLib
Version = 4.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{7D831388-D405-4272-9511-A07440AD2927}
(Default) = YMERemote

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\YMERemote.DLL
AppID = {7D831388-D405-4272-9511-A07440AD2927}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YMERemote.YMECompPlugin.1
(Default) = YMECompPlugin Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YMERemote.YMECompPlugin.1\CLSID
(Default) = {F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}

KEY_LOCAL_MACHINE\SOFTWARE\Classes\
YMERemote.YMECompPlugin
(Default) = YMECompPlugin Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YMERemote.YMECompPlugin.1\CLSID
(Default) = {F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YMERemote.YMECompPlugin
(Default) = YMECompPlugin Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YMERemote.YMECompPlugin\CLSID
(Default) = {F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YMERemote.YMECompPlugin\CurVer
(Default) = YMERemote.YMECompPlugin.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
AppID = {7D831388-D405-4272-9511-A07440AD2927}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}\TypeLib
(Default) = {B722ED8B-0B38-408E-BB89-260C73BCF3D4}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}\1.0
(Default) = YMERemote 1.0 Type Library

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}\1.0\
FLAGS
(Default) = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}\1.0\
0\win32
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\YMERemote.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}\1.0\
HELPDIR
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}\TypeLib
(Default) = {B722ED8B-0B38-408E-BB89-260C73BCF3D4}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}\TypeLib
(Default) = {B722ED8B-0B38-408E-BB89-260C73BCF3D4}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}\TypeLib
Version = 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
(Default) = IYRenderingPlugin

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}\ProxyStubClsid
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}\ProxyStubClsid32
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}\TypeLib
(Default) = {B722ED8B-0B38-408E-BB89-260C73BCF3D4}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}\TypeLib
Version = 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
(Default) = YPUBC

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\YPUBC.DLL
AppID = {FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YPUBC.DataStore.1
(Default) = DataStore Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YPUBC.DataStore.1\CLSID
(Default) = {E1A2D448-6334-45ec-8800-6D7F71DC87FC}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YPUBC.DataStore
(Default) = DataStore Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YPUBC.DataStore\CLSID
(Default) = {E1A2D448-6334-45ec-8800-6D7F71DC87FC}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YPUBC.DataStore\CurVer
(Default) = YPUBC.DataStore.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}
(Default) = DataStore Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}\ProgID
(Default) = YPUBC.DataStore.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}\VersionIndependentProgID
(Default) = YPUBC.DataStore

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}\InprocServer32
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\YPUBC.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}\InprocServer32
ThreadingModel = Apartment

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}
AppID = {FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}\TypeLib
(Default) = {8A1AB044-787D-4309-8410-709768E484AB}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YPUBC.BlockerCtrl.1
(Default) = BlockerCtrl Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YPUBC.BlockerCtrl.1\CLSID
(Default) = {6E40017D-FB6A-4804-BDE4-3BB09F1719C1}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YPUBC.BlockerCtrl
(Default) = BlockerCtrl Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YPUBC.BlockerCtrl\CLSID
(Default) = {6E40017D-FB6A-4804-BDE4-3BB09F1719C1}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YPUBC.BlockerCtrl\CurVer
(Default) = YPUBC.BlockerCtrl.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}
(Default) = BlockerCtrl Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}\ProgID
(Default) = YPUBC.BlockerCtrl.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}\VersionIndependentProgID
(Default) = YPUBC.BlockerCtrl

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}\InprocServer32
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\YPUBC.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}\InprocServer32
ThreadingModel = Apartment

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}
AppID = {FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}\ToolboxBitmap32
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\YPUBC.dll, 102

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}\MiscStatus
(Default) = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}\MiscStatus\
1
(Default) = 131473

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}\TypeLib
(Default) = {8A1AB044-787D-4309-8410-709768E484AB}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}\Version
(Default) = 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YPUBC.StringList.1
(Default) = StringList Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YPUBC.StringList.1\CLSID
(Default) = {11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YPUBC.StringList
(Default) = StringList Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YPUBC.StringList\CLSID
(Default) = {11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YPUBC.StringList\CurVer
(Default) = YPUBC.StringList.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}
(Default) = StringList Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}\ProgID
(Default) = YPUBC.StringList.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}\VersionIndependentProgID
(Default) = YPUBC.StringList

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}\InprocServer32
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\YPUBC.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}\InprocServer32
ThreadingModel = Apartment

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}
AppID = {FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}\TypeLib
(Default) = {8A1AB044-787D-4309-8410-709768E484AB}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YPUBC.PUBHTMLEventHandler.1
(Default) = PUBHTMLEventHandler Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YPUBC.PUBHTMLEventHandler.1\CLSID
(Default) = {37B8167C-B9A4-4316-94B2-67B64BB2BA7C}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YPUBC.PUBHTMLEventHandler
(Default) = PUBHTMLEventHandler Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YPUBC.PUBHTMLEventHandler\CLSID
(Default) = {37B8167C-B9A4-4316-94B2-67B64BB2BA7C}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YPUBC.PUBHTMLEventHandler\CurVer
(Default) = YPUBC.PUBHTMLEventHandler.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}
(Default) = PUBHTMLEventHandler Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}\ProgID
(Default) = YPUBC.PUBHTMLEventHandler.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}\VersionIndependentProgID
(Default) = YPUBC.PUBHTMLEventHandler

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}\InprocServer32
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\YPUBC.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}\InprocServer32
ThreadingModel = Apartment

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}\ToolboxBitmap32
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\YPUBC.dll, 106

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}\MiscStatus
(Default) = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}\MiscStatus\
1
(Default) = 131473

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}\TypeLib
(Default) = {8A1AB044-787D-4309-8410-709768E484AB}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}\Version
(Default) = 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}\3.0
(Default) = YPopupBlocker 3.0 Type Library

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}\3.0\
FLAGS
(Default) = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}\3.0\
0\win32
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\YPUBC.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}\3.0\
HELPDIR
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
(Default) = _IBlockerCtrlEvents

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}\ProxyStubClsid
(Default) = {00020420-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}\ProxyStubClsid32
(Default) = {00020420-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}\TypeLib
(Default) = {8A1AB044-787D-4309-8410-709768E484AB}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}\TypeLib
Version = 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
(Default) = IBlockerCtrl

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}\ProxyStubClsid
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}\ProxyStubClsid32
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}\TypeLib
(Default) = {8A1AB044-787D-4309-8410-709768E484AB}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}\TypeLib
Version = 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
(Default) = IStringList

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}\ProxyStubClsid
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}\ProxyStubClsid32
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}\TypeLib
(Default) = {8A1AB044-787D-4309-8410-709768E484AB}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}\TypeLib
Version = 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
(Default) = IDataStore

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}\ProxyStubClsid
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}\ProxyStubClsid32
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}\TypeLib
(Default) = {8A1AB044-787D-4309-8410-709768E484AB}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}\TypeLib
Version = 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
(Default) = IPUBHTMLEventHandler

KEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{2723E96B-905F-4C64-8999-D868A08E6370}\ProxyStubClsid
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{2723E96B-905F-4C64-8999-D868A08E6370}\ProxyStubClsid32
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{2723E96B-905F-4C64-8999-D868A08E6370}\TypeLib
(Default) = {8A1AB044-787D-4309-8410-709768E484AB}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{2723E96B-905F-4C64-8999-D868A08E6370}\TypeLib
Version = 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345}
(Default) = YTMsgr

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\YTMsgr.DLL
AppID = {9EDCCD11-960D-49AE-B523-C6B5AB7E1345}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Yahoo.MessengerCompanionControl.5
(Default) = MessengerCompanionControl Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Yahoo.MessengerCompanionControl.5\CLSID
(Default) = {FBE30D66-39A2-4b72-8B43-6D4C335A6F34}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Yahoo.MessengerCompanionControl
(Default) = MessengerCompanionControl Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Yahoo.MessengerCompanionControl\CLSID
(Default) = {FBE30D66-39A2-4b72-8B43-6D4C335A6F34}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Yahoo.MessengerCompanionControl\CurVer
(Default) = Yahoo.MessengerCompanionControl.5

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
(Default) = MessengerCompanionControl Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}\ProgID
(Default) = Yahoo.MessengerCompanionControl.5

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}\VersionIndependentProgID
(Default) = Yahoo.MessengerCompanionControl

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}\InprocServer32
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\YTMsgr.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}\InprocServer32
ThreadingModel = Apartment

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
AppID = {9EDCCD11-960D-49AE-B523-C6B5AB7E1345}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}\TypeLib
(Default) = {78DB07DF-483E-4829-AB44-ED7952083584}

HKEY_CURRENT_USER\Software\Yahoo\
YFriendsBar\Settings
NoAutoUpdate = 1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}\1.0
(Default) = YTMsgr 1.0 Type Library

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}\1.0\
FLAGS
(Default) = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}\1.0\
0\win32
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\YTMsgr.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}\1.0\
HELPDIR
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
(Default) = IYTMsgrButton

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}\ProxyStubClsid
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}\ProxyStubClsid32
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}\TypeLib
(Default) = {78DB07DF-483E-4829-AB44-ED7952083584}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}\TypeLib
Version = 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}\TypeLib
(Default) = {78DB07DF-483E-4829-AB44-ED7952083584}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}\TypeLib
(Default) = {78DB07DF-483E-4829-AB44-ED7952083584}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}\TypeLib
(Default) = {78DB07DF-483E-4829-AB44-ED7952083584}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{35860EFB-1589-4F32-A618-99E847A502B2}
(Default) = YTabBar

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\YTabBar.DLL
AppID = {35860EFB-1589-4F32-A618-99E847A502B2}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YTabBar.YTabBarControl.1
(Default) = YTabBarControl Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YTabBar.YTabBarControl.1\CLSID
(Default) = {DDCED22E-D018-471D-9A5C-A4EA2F21133D}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YTabBar.YTabBarControl
(Default) = YTabBarControl Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YTabBar.YTabBarControl\CLSID
(Default) = {DDCED22E-D018-471D-9A5C-A4EA2F21133D}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YTabBar.YTabBarControl\CurVer
(Default) = YTabBar.YTabBarControl.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}
(Default) = YTabBarControl Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}\ProgID
(Default) = YTabBar.YTabBarControl.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}\VersionIndependentProgID
(Default) = YTabBar.YTabBarControl

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}\InprocServer32
(Default) = Program Files%\Yahoo!\Companion\Installs\cpn\YTabBar.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}\InprocServer32
ThreadingModel = Apartment

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}
AppID = {35860EFB-1589-4F32-A618-99E847A502B2}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}\TypeLib
(Default) = {A2C55651-A23E-43CA-B63D-C10B99EFF7E0}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}\1.0
(Default) = YTabBar 1.0 Type Library

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}\1.0\
FLAGS
(Default) = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}\1.0\
0\win32
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\YTabBar.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}\1.0\
HELPDIR
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
(Default) = IYTabBarControl

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}\ProxyStubClsid
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}\ProxyStubClsid32
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}\TypeLib
(Default) = {A2C55651-A23E-43CA-B63D-C10B99EFF7E0}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}\TypeLib
Version = 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484}
(Default) = YTBM

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\YTBM.DLL
AppID = {07CDAAD9-1226-4C6D-B774-C00E7B323484}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YTBM.YTBMButton.1
(Default) = YTBMButton Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YTBM.YTBMButton.1\CLSID
(Default) = {C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YTBM.YTBMButton
(Default) = YTBMButton Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YTBM.YTBMButton\CLSID
(Default) = {C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YTBM.YTBMButton\CurVer
(Default) = YTBM.YTBMButton.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
(Default) = YTBMButton Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}\ProgID
(Default) = YTBM.YTBMButton.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}\VersionIndependentProgID
(Default) = YTBM.YTBMButton

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}\InprocServer32
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\YTBM.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}\InprocServer32
ThreadingModel = Apartment

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
AppID = {07CDAAD9-1226-4C6D-B774-C00E7B323484}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}\TypeLib
(Default) = {B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}\1.0
(Default) = YTBM 1.0 Type Library

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}\1.0\
FLAGS
(Default) = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}\1.0\
0\win32
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\YTBM.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}\1.0\
HELPDIR
(Default) = %Program Files%\Yahoo!\Companion\Installs\cpn\

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
(Default) = IYTBMButton

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}\ProxyStubClsid
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}\ProxyStubClsid32
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}\TypeLib
(Default) = {B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}\TypeLib
Version = 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}\TypeLib
(Default) = {B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}\TypeLib
(Default) = {B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}\TypeLib
(Default) = {B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion\
Opt
sbpix = 210

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
(Default) = Yahoo! Toolbar

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YBrowserToolbar.YBrowserToolbar
(Default) = Yahoo! Toolbar

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
YBrowserToolbar.YBrowserToolbar.1
(Default) = Yahoo! Toolbar

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion
Corp = None

HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\
Companion
Corp = None

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion
ft = 1

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion
ftc = 1

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion
fts = 1

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion
Guest = none

HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\
Companion
Guest = none

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion
ii = 1

HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\
Companion
ii = 1

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion
cb = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\
Companion
cb = 0

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion\
Ycheck
disabled = 1

HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\
Companion\YCheck
disabled = 1

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion
Region = us

HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\
Companion
Region = us

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion
Language = us

HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\
Companion
Language = us

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion
dc = v7_auto

KEY_LOCAL_MACHINE\SOFTWARE\Yahoo\
Companion
dc = v7_auto

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion
swp = 1

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion\
Opt
sst = 1

HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\
Companion
UninstallerPath = %Program Files%\Yahoo!\Common\unyt.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Yahoo! Companion
UninstallString = %Program Files%\Yahoo!\Common\unyt.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Yahoo! Toolbar
UninstallString = %Program Files%\Yahoo!\Common\unyt.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Yahoo! Companion
DisplayName = Yahoo! Toolbar

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Yahoo! Companion
DisplayIcon = %Program Files%\Yahoo!\Companion\Installs\cpn\yt.dll,-5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Yahoo! Companion
NoModify = 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Yahoo! Companion
NoRepair = 1

HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\
Companion
InstallPath = %Program Files%\Yahoo!\Companion\Installs\cpn

HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\
Companion
Apptitle = Yahoo! Toolbar

HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}
DisplayName = Yahoo! Search

HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}
URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-flv

HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\SearchScopes
DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion
asdname = Yahoo! Search

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion
asturl = search.yahoo.com

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion
dc = v7_flv

HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\
Companion
dc = v7_flv

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion
pc = flv

HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\
Companion
pc = flv

HKEY_CURRENT_USER\Software\AppDataLow\
Software\Yahoo\Companion
sc = flv

HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\
Companion
sc = flv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FLV Player
NSIS:StartMenuDir = FLV Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\App Paths\
FLVPlayer.exe
(Default) = %Program Files%\FLV Player\FLVPlayer.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FLV Player
DisplayName = FLV Player 2.0, build 24

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FLV Player
UninstallString = %Program Files%\FLV Player\uninst.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FLV Player
DisplayIcon = %Program Files%\FLV Player\FLVPlayer.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FLV Player
DisplayVersion = 2.0, build 24

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FLV Player
URLInfoAbout = http://www.martijndevisser.com/blog/flv-player/

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FLV Player
Publisher = Martijn de Visser

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FLV Player
NSIS:Language = 1033

Other Details

This Potentially Unwanted Application connects to the following possibly malicious URL:

http://pclick.internal.{BLOCKED}o.com/p/s=97314528/lng=us/rand={7 Random Generated Numbers}/_B=/_Y=
https://pclick.internal.{BLOCKED}o.com/p/s=97314528/lng=us/rand={7 Random Generated Numbers}/_B=/_Y=
http://pclick.internal.{BLOCKED}o.com/p/s=97314532/lng=us/rand={7 Random Generated Numbers}/_B=/_Y=
https://pclick.internal.{BLOCKED}o.com/p/s=97314532/lng=us/rand={7 Random Generated Numbers}/_B=/_Y=
http://installerstats.{BLOCKED}o.com/appusage.asp
http://{BLOCKED}devisser.com/download/flvplayer/version.xml

SOLUTION

Minimum Scan Engine:

9.800

SSAPI PATTERN File:

2.357.00

SSAPI PATTERN Date:

03 Dec 2020

Step 1

Before doing any scans, Windows 7, Windows 8, Windows 8.1, and Windows 10 users must disable System Restore to allow full scanning of their computers.

Step 2

Note that not all files, folders, and registry keys and entries are installed on your computer during this malware's/spyware's/grayware's execution. This may be due to incomplete installation or other operating system conditions. If you do not find the same files/folders/registry information, please proceed to the next step.

Step 3

Remove PUA.Win32.YahooToolbar.A by using its own Uninstall option

[ Learn More ]

To uninstall the grayware process

Step 4

Search and delete this file

[ Learn More ]

There may be some files that are hidden. Please make sure you check the Search Hidden Files and Folders checkbox in the "More advanced options" option to include all hidden files and folders in the search result.

%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\LICENSE.txt
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\install.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\install.rdf
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF\manifest.mf
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF\zigbert.rsa
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF\zigbert.sf
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome\ytoolbar.jar
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooDomBuilder.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooDomBuilder.xpt
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedNode.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedNode.xpt
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedProcessor.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedProcessor.xpt
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences\yahoo.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\yahooToolbarSettings

To manually delete a malware/grayware file from an affected system:

•For Windows 7, Windows Server 2008 (R2), Windows 8, Windows 8.1, Windows 10, and Windows Server 2012 (R2):

Open a Windows Explorer window.
- For Windows 7 and Server 2008 (R2) users, click Start>Computer.
- For Windows 8, 8.1, 10, and Server 2012 (R2) users, right-click on the lower-left corner of the screen,then click File Explorer.
In the Search Computer/This PC input box, type:
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\LICENSE.txt
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\install.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\install.rdf
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF\manifest.mf
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF\zigbert.rsa
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF\zigbert.sf
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome\ytoolbar.jar
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooDomBuilder.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooDomBuilder.xpt
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedNode.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedNode.xpt
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedProcessor.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedProcessor.xpt
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences\yahoo.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\yahooToolbarSettings
Once located, select the file then press SHIFT+DELETE to delete it.
*Note: Read the following Microsoft page if these steps do not work on Windows 7 and Windows Server 2008 (R2).

Step 5

Scan your computer with your Trend Micro product to delete files detected as PUA.Win32.YahooToolbar.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information:

Did this description help? Tell us how we did.

PUA.Win32.YahooToolbar.A

OVERVIEW

TECHNICAL DETAILS

SOLUTION

Resources

Support

About Trend

Country Headquarters

PUA.Win32.YahooToolbar.A

OVERVIEW

TECHNICAL DETAILS

SOLUTION

Resources

Support

About Trend

Country Headquarters

The Americas

Middle East & Africa

Europe

Asia & Pacific