TSPY_ONGAME.SMG
PWS:Win32/OnLineGames.NJ (Microsoft); PWS-Onlinegames.ex (McAfee); Infostealer.Gampass (Symantec); Trojan-Dropper.Win32.Small.ceh (Kaspersky); Trojan-PSW.Win32.OnLineGames.as (fs) (Sunbelt)
Windows 2000, Windows XP, Windows Server 2003
Threat Type:
Spyware
Destructiveness:
No
Encrypted:
In the wild::
Yes
OVERVIEW
Elimina archivos para impedir la ejecución correcta de programas y aplicaciones.
Este malware se elimina tras la ejecución.
TECHNICAL DETAILS
Otras modificaciones del sistema
Elimina los archivos siguientes:
- %System%\198FF3D8.cfg
- %System%\198FF3D8.dll
- %User Temp%\liv1.tmp
(Nota: %System% es la carpeta del sistema de Windows, que en el caso de Windows 98 y ME suele estar en C:\Windows\System, en el caso de Windows NT y 2000 en C:\WINNT\System32 y en el caso de Windows XP y Server 2003 en C:\Windows\System32).
. %User Temp% es la carpeta Temp del usuario activo, que en el caso de Windows 2000, XP y Server 2003 suele estar en C:\Documents and Settings\{nombre de usuario}\Local Settings\Temp).)Agrega las siguientes entradas de registro como parte de la rutina de instalación:
HKEY_CLASSES_ROOT\CLsID\{198FF3D8-56F1-466B-A36F-F9C28B43E440}\
InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}
Agrega las siguientes entradas de registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{198FF3D8-56F1-466B-A36F-F9C28B43E440}\InprocServer32
ThreadingModel = "Apartment"
Elimina las siguientes claves de registro:
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\ClassicViewState
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\ControlPanelInMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\DesktopProcess\
Policy\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\DesktopProcess\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\DesktopProcess
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\DisableThumbCache
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\FolderSizeTip
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\FriendlyTree
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\Hidden\
NOHIDDEN
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\Hidden\
SHOWALL
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\Hidden
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\HideFileExt
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\NetCrawler\
Policy\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\NetCrawler\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\NetCrawler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\PersistBrowsers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\ShowCompColor
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\ShowFullPath
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\ShowFullPathAddress
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\ShowInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\SimpleSharing
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\SuperHidden\
Policy\DontShowSuperHidden
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\SuperHidden\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\SuperHidden
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder\WebViewBarricade
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced\Folder
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Advanced
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AppKey\15
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AppKey\16
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AppKey\17
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AppKey\18
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AppKey\7
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AppKey
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Associations
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\CancelAutoplay\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\CancelAutoplay\Files
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\CancelAutoplay
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\ContentTypeHandlers\MusicFilesContentHandler\
EventHandlers\MediaArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\ContentTypeHandlers\MusicFilesContentHandler\
EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\ContentTypeHandlers\MusicFilesContentHandler\
FriendlyName
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\ContentTypeHandlers\MusicFilesContentHandler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler\
EventHandlers\DeviceArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler\
EventHandlers\MediaArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler\
EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler\
FriendlyName
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\ContentTypeHandlers\PicturesContentHandler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\ContentTypeHandlers\VideoFilesContentHandler\
EventHandlers\MediaArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\ContentTypeHandlers\VideoFilesContentHandler\
EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\ContentTypeHandlers\VideoFilesContentHandler\
FriendlyName
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\ContentTypeHandlers\VideoFilesContentHandler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\ContentTypeHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\ContentTypeSniffers\MusicFilesContentSniffer
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\ContentTypeSniffers\PicturesContentSniffer
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\ContentTypeSniffers\VideoFilesContentSniffer
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\ContentTypeSniffers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceClasses\{CC7BFB41-F175-11D1-A392-00E0291F3959}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceClasses
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceGroups\Camera
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceGroups\CellPhone
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceGroups\CFStorage
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceGroups\ClikDrive
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceGroups\FaxDevice
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceGroups\ImageMate
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceGroups\JazDrive
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceGroups\MemoryStick
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceGroups\MemoryStick-MG
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceGroups\OpticalDrive
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceGroups\PCMCIAStorage
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceGroups\PocketPC
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceGroups\PortableAudioPlayer
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceGroups\Printer
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceGroups\Scanner
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceGroups\SMStorage
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceGroups\TapeDrive
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceGroups\VideoCamera
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceGroups\ZipDrive100
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceGroups\ZipDrive250
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceGroups
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\CompaqPA1Handler\
EventHandlers\DeviceArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\CompaqPA1Handler\
EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\CompaqPA1Handler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\CreativeNomadIIcHandler\
EventHandlers\DeviceArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\CreativeNomadIIcHandler\
EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\CreativeNomadIIcHandler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\CreativeNomadIIHandler\
EventHandlers\DeviceArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\CreativeNomadIIHandler\
EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\CreativeNomadIIHandler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\CreativeNomadIIMGHandler\
EventHandlers\DeviceArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\CreativeNomadIIMGHandler\
EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\CreativeNomadIIMGHandler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\CreativeNomadJukeboxHandler\
EventHandlers\DeviceArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\CreativeNomadJukeboxHandler\
EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\CreativeNomadJukeboxHandler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\DigisetteDuo64Handler\
EventHandlers\DeviceArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\DigisetteDuo64Handler\
EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\DigisetteDuo64Handler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\DLinkDMP110Handler\
EventHandlers\DeviceArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\DLinkDMP110Handler\
EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\DLinkDMP110Handler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\GenericVolumeHandler\
ContentTypes
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\GenericVolumeHandler\
EventHandlers\DeviceArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\GenericVolumeHandler\
EventHandlers\MediaArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\GenericVolumeHandler\
EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\GenericVolumeHandler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\Intel3000Handler\
EventHandlers\DeviceArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\Intel3000Handler\
EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\Intel3000Handler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\IntelPocketConcertHandler\
EventHandlers\DeviceArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\IntelPocketConcertHandler\
EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\IntelPocketConcertHandler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\IomegaHipZipHandler\
EventHandlers\DeviceArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\IomegaHipZipHandler\
EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\IomegaHipZipHandler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\NikepsaplayHandler\
EventHandlers\DeviceArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\NikepsaplayHandler\
EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\NikepsaplayHandler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\Ravemp2300Handler\
EventHandlers\DeviceArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\Ravemp2300Handler\
EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\Ravemp2300Handler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\Rio600Handler\
EventHandlers\DeviceArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\Rio600Handler\
EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\Rio600Handler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\Rio800Handler\
EventHandlers\DeviceArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\Rio800Handler\
EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\Rio800Handler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\RioOneHandler\
EventHandlers\DeviceArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\RioOneHandler\
EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\RioOneHandler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\VideoCameraDeviceHandler\
EventHandlers\DeviceArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\VideoCameraDeviceHandler\
EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers\VideoCameraDeviceHandler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\DeviceHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\AutorunINFLegacyArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\CompaqPA1Arrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\CreativeNomadIIArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\CreativeNomadIIcArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\CreativeNomadIIMGArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\CreativeNomadJukeboxArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\DigisetteDuo64Arrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\DLinkDMP110Arrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\GenericVolumeArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\HandleCDBurningOnArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\Intel3000Arrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\IntelPocketConcertArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\IomegaHipZipArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\MixedContentOnArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\NikepsaplayArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\PlayDVDMovieOnArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\PlayMusicFilesOnArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\Ravemp2300Arrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\Rio600Arrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\Rio800Arrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\RioOneArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\ShowPicturesOnArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers\VideoCameraArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\EventHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\Handlers\MSCDBurningOnArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\Handlers\MSOpenFolder
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\Handlers\MSPlayCDAudioOnArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\Handlers\MSPlayDVDMovieOnArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\Handlers\MSPlayMediaOnArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\Handlers\MSPrintPicturesOnArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\Handlers\MSPromptEachTime
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\Handlers\MSPromptEachTimeNoContent
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\Handlers\MSRipCDAudioOnArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\Handlers\MSShowPicturesOnArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\Handlers\MSTakeNoAction
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\Handlers\MSVideoCameraArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\Handlers\MSWiaEventHandler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\Handlers\MSWMDMHandler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\Handlers\MSWMPBurnCDOnArrival
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers\Handlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
AutoplayHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
BitBucket
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
BrowseNewProcess
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Browser Helper Objects
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
CD Burning\AudioBurnHandlers\{8dd448e6-c188-4aed-af92-44956194eb1f}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
CD Burning\AudioBurnHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
CD Burning\ExcludedFS
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
CD Burning
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
ControlPanel\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
ControlPanel\NameSpace\Accessibility_Options
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
ControlPanel\NameSpace\Add-Remove_Programs
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
ControlPanel\NameSpace\Date-Time
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
ControlPanel\NameSpace\Dialing_Options
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
ControlPanel\NameSpace\Display_Properties
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
ControlPanel\NameSpace\Internet_Options
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
ControlPanel\NameSpace\Printers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
ControlPanel\NameSpace\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
ControlPanel\NameSpace\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
ControlPanel\NameSpace\{7007ACC7-3202-11D1-AAD2-00805FC1270E}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
ControlPanel\NameSpace\{78CB147A-98EA-4AA6-B0DF-C8681F69341C}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
ControlPanel\NameSpace\{D20EA4E1-3957-11d2-A40B-0C5020524152}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
ControlPanel\NameSpace\{D20EA4E1-3957-11d2-A40B-0C5020524153}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
ControlPanel\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
ControlPanel\NameSpace\{E211B736-43FD-11D1-9EFB-0000F8757FCD}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
ControlPanel\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
ControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Desktop\NameSpace\{1f4de370-d627-11d1-ba4f-00a0c91eedba}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Desktop\NameSpace\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Desktop\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
DocFolderPaths
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FileAssociation
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\ShellFindInDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static\ShellSearch\
0\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static\ShellSearch\
0\HelpText
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static\ShellSearch\
0\SearchGUID\UrlNavNew
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static\ShellSearch\
0\SearchGUID
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static\ShellSearch\
0
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static\ShellSearch\
1\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static\ShellSearch\
1\HelpText
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static\ShellSearch\
1\SearchGUID\UrlNavNew
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static\ShellSearch\
1\SearchGUID
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static\ShellSearch\
1
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static\ShellSearch\
2\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static\ShellSearch\
2\HelpText
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static\ShellSearch\
2\SearchGUID
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static\ShellSearch\
2
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static\ShellSearch
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static\WabFind\
0\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static\WabFind\
0
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static\WabFind
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static\WebSearch\
0\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static\WebSearch\
0\HelpText
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static\WebSearch\
0
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static\WebSearch
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions\Static
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
FindExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
HideDesktopIcons\ClassicStartMenu
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
HideDesktopIcons\NewStartPanel
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
HideDesktopIcons
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
HideMyComputerIcons
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
MyComputer\BackupPath
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
MyComputer\cleanuppath
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
MyComputer\DefragPath
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
MyComputer\NameSpace\Controls
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
MyComputer\NameSpace\DelegateFolders\
{59031a47-3f72-44a7-89c5-5595fe6b30ee}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
MyComputer\NameSpace\DelegateFolders
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
MyComputer\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
MyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
NetworkCrawler\Objects\WorkgroupCrawler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
NetworkCrawler\Objects
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
NetworkCrawler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
NetworkNeighborhood\NameSpace\DelegateFolders\
{9DB7A13C-F208-4981-8353-73CC61AE2783}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
NetworkNeighborhood\NameSpace\DelegateFolders
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
NetworkNeighborhood\NameSpace\{2728520d-1ec8-4c68-a551-316b684c4ea7}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
NetworkNeighborhood\NameSpace\{3c5c43a3-9ce9-4a9b-9699-2ac0cf6cc4bf}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
NetworkNeighborhood\NameSpace\{D4480A50-BA28-11d1-8E75-00C04FA31A86}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
NetworkNeighborhood\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
NetworkNeighborhood
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
NewShortcutHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
PublishingWizard\InternetPhotoPrinting
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
PublishingWizard
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
RecentDocs
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
RemoteComputer\NameSpace\{2227A280-3AEA-1069-A2DE-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
RemoteComputer\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
RemoteComputer
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
SharedTaskScheduler
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Shell Folders
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
ShellExecuteHooks
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
ShellIconOverlayIdentifiers\Offline Files
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
ShellIconOverlayIdentifiers
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\Policy\NoChangeStartMenu
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\AdminTools
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\CascadeControlPanel\
Policy\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\CascadeControlPanel\
Policy\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\CascadeControlPanel\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\CascadeControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\CascadeMyDocuments\
Policy\NoSMMyDocs
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\CascadeMyDocuments\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\CascadeMyDocuments
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\CascadeMyPictures\
Policy\NoSMMyPictures
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\CascadeMyPictures\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\CascadeMyPictures
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\CascadePrinters\
Policy\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\CascadePrinters\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\CascadePrinters
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\IntelliMenus\
Policy\IntelliMenus
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\IntelliMenus\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\IntelliMenus
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\NetConnect\
Policy\NoNetworkConnections
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\NetConnect\
Policy\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\NetConnect\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\NetConnect
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\SmallIcons
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\StartMenuChange\
Policy\NoChangeStartMenu
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\StartMenuChange\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\StartMenuChange
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\StartMenuFavorites\
Policy\NoFavoritesMenu
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\StartMenuFavorites\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\StartMenuFavorites
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\StartMenuLogoff\
Policy\ForceStartMenuLogoff
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\StartMenuLogoff\
Policy\LogonType
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\StartMenuLogoff\
Policy\StartMenuLogoff
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\StartMenuLogoff\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\StartMenuLogoff
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\StartMenuRun\
Policy\NoRun
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\StartMenuRun\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\StartMenuRun
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu\StartMenuScrollPrograms
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartMenu
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ControlPanel\
Hide
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ControlPanel\
Menu
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ControlPanel\
Open
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ControlPanel\
Policy\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ControlPanel\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\EnableDragDrop\
Policy\NoChangeStartMenu
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\EnableDragDrop\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\EnableDragDrop
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\Favorites\
Policy\NoFavoritesMenu
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\Favorites\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\Favorites
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyComp\
Hide
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyComp\
Menu
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyComp\
Open
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyComp\
Policy\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyComp\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyComp
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyDocs\
Hide
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyDocs\
Menu
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyDocs\
Open
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyDocs\
Policy\NoSMMyDocs
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyDocs\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyDocs
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyMusic\
Hide
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyMusic\
Menu
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyMusic\
Open
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyMusic\
Policy\NoStartMenuMyMusic
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyMusic\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyMusic
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyPics\
Hide
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyPics\
Menu
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyPics\
Open
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyPics\
Policy\NoSMMyPictures
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyPics\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\MyPics
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\NetConn\
Hide
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\NetConn\
Menu
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\NetConn\
Open
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\NetConn\
Policy\NoNetworkConnections
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\NetConn\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\NetConn
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowAdminTools\
Both
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowAdminTools\
Hide
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowAdminTools\
Menu
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowAdminTools
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowHelp\
Policy\NoSMHelp
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowHelp\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowHelp
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowNetPlaces\
Policy\NoStartMenuNetworkPlaces
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowNetPlaces\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowNetPlaces
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowOEMLink\
Policy\NoOEMLinkInstalled
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowOEMLink\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowOEMLink
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowPrinters\
Policy\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowPrinters\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowPrinters
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowRun\
Policy\NoRun
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowRun\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowRun
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowSearch\
Policy\NoFind
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowSearch\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowSearch
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowSetProgramAccessAndDefaults\
Policy\NoSMConfigurePrograms
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowSetProgramAccessAndDefaults\
Policy
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\ShowSetProgramAccessAndDefaults
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel\StartMenuScrollPrograms
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu\StartPanel
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
StartMenu
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Streams\Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Streams
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
TemplateRegistry
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
Tips
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
User Shell Folders
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VisualEffects\AnimateMinMax
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VisualEffects\ComboBoxAnimation
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VisualEffects\CursorShadow
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VisualEffects\DragFullWindows
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VisualEffects\DropShadow
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VisualEffects\FontSmoothing
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VisualEffects\ListBoxSmoothScrolling
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VisualEffects\ListviewAlphaSelect
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VisualEffects\ListviewShadow
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VisualEffects\ListviewWatermark
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VisualEffects\MenuAnimation
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VisualEffects\SelectionFade
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VisualEffects\TaskbarAnimations
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VisualEffects\Themes
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VisualEffects\TooltipAnimation
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VisualEffects\WebView
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VisualEffects
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VolumeCaches\Active Setup Temp Folders
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VolumeCaches\Compress old files
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VolumeCaches\Content Indexer Cleaner
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VolumeCaches\Downloaded Program Files
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VolumeCaches\Internet Cache Files
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VolumeCaches\Memory Dump Files
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VolumeCaches\Microsoft_Event_Reporting_2.0_Temp_Files
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VolumeCaches\Offline Files
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VolumeCaches\Offline Pages Files
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VolumeCaches\Old ChkDsk Files
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VolumeCaches\Recycle Bin
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VolumeCaches\Remote Desktop Cache Files
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VolumeCaches\Setup Log Files
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VolumeCaches\System Restore
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VolumeCaches\Temporary Files
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VolumeCaches\Temporary Offline Files
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VolumeCaches\Uninstall Backup Image
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VolumeCaches\WebClient and WebPublisher Cache
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
VolumeCaches
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
WebView\TemplateMacros\BACKGROUNDIMAGE
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
WebView\TemplateMacros\LOGOLINE
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
WebView\TemplateMacros
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
WebView
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
WindowsUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
WMPInfo\FileExts
HKEY_LOCAL_MACHINE\SOFTWARE\{9184057B-D51B-4C2A-B779-EB4F548E9FDA}\
WMPInfo
Rutina de infiltración
Infiltra los archivos siguientes:
- %System%\b770ca2.drv
(Nota: %System% es la carpeta del sistema de Windows, que en el caso de Windows 98 y ME suele estar en C:\Windows\System, en el caso de Windows NT y 2000 en C:\WINNT\System32 y en el caso de Windows XP y Server 2003 en C:\Windows\System32).
)Otros detalles
Este malware se elimina tras la ejecución.
SOLUTION
Step 1
Los usuarios de Windows ME y XP, antes de llevar a cabo cualquier exploración, deben comprobar que tienen desactivada la opción Restaurar sistema para permitir la exploración completa del equipo.
Step 2
Eliminar esta clave del Registro
Importante: si modifica el Registro de Windows incorrectamente, podría hacer que el sistema funcione mal de manera irreversible. Lleve a cabo este paso solo si sabe cómo hacerlo o si puede contar con ayuda de su administrador del sistema. De lo contrario, lea este artículo de Microsoft antes de modificar el Registro del equipo.
- In HKEY_CLASSES_ROOT\CLsID\{198FF3D8-56F1-466B-A36F-F9C28B43E440}
- InprocServer32
- In HKEY_LOCAL_MACHINE\SOFTWARE
- {9184057B-D51B-4C2A-B779-EB4F548E9FDA}
Step 3
Eliminar este valor del Registro
Importante: si modifica el Registro de Windows incorrectamente, podría hacer que el sistema funcione mal de manera irreversible. Lleve a cabo este paso solo si sabe cómo hacerlo o si puede contar con ayuda de su administrador del sistema. De lo contrario, lea este artículo de Microsoft antes de modificar el Registro del equipo.
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{198FF3D8-56F1-466B-A36F-F9C28B43E440}\InprocServer32
- ThreadingModel = "Apartment"
Step 4
Buscar y eliminar este archivo
- %System%\b770ca2.drv
Step 5
Explorar el equipo con su producto de Trend Micro para eliminar los archivos detectados como TSPY_ONGAME.SMG En caso de que el producto de Trend Micro ya haya limpiado, eliminado o puesto en cuarentena los archivos detectados, no serán necesarios más pasos. Puede optar simplemente por eliminar los archivos en cuarentena. Consulte esta página de Base de conocimientos para obtener más información.
Did this description help? Tell us how we did.