DawnRunTask 2Thu Dec 17 07:02:01 1998 hi everyone,*smile* , this one really had me on the brink of $%&(/'#.So i'll just outline the simplest way of unregging CYT.First i installed NS since i only use OPERA which this babedoesn't provide for:(. Running CYT twice unregged to obtaina filemon and regmon listing as well as getting a WDASM deadlisting of CYT.exe. The same i did with the regged version.The following files turned out to be of interest:win64os.cpl, msffs.dll and cyt31.ini (the logfile in applogi didn't bother with, since as Princess points out:all(or most) prg'sdo make an entry).Deleting these files of the regged version and running CYTagain brings up that annoying: "You have attempted to crack....",although regging is still possible.Hhmmm, so there must be a check of the registry somewhere, for evenreplacing these files with the unregged ones churned out the same result.Now looking at the dead listing i found a suspicious "cythid.reg"entry. Searched it in the registry and deleted it, then repeatedabove mentioned steps. Grrr still that nag. Rummaging through the HKCRCLSID didn't get me further and thanks toVolatility's advice i had a close look again at first the Regmon and then the Filemon listings. Apart from several checks to NS filesthere was nothing else for me to work on, and i took up WDASM's listing to check out those. Right among NS's data strings i found"ialize" followed by a "too long" routine which smelled fishy.Couldn't find "ialize" in the registry of NS entries, but "initialize"was one folder that 'sounds like' *grin*. Deleting it's content didn'tchange the behaviour of CYT, but del the whole folder did restore CYTto it's unregistered state. (Have to delete msffs.dll too,of course)Well, i havn't figured out how the prg calculates the first 4 letters(init), but the routine in the DASM listing after "ialize" seems topoint towards such a check. Does anybody know?Best wishesDawnRun