Trojan.Win32.Jorik.Nbdd.pfu (Kaspersky), Trojan.Win32.Generic!BT (VIPRE), Trojan.Win32.Jorik!IK (Emsisoft), Backdoor.Win32.Farfli.FD, Trojan-Downloader.Win32.Karagany.1.FD, Trojan-PSW.Win32.Bzub.2.FD, Trojan-PSW.Win32.MSNPassword.FD, Trojan.NSIS.StartPage.FD, Trojan.Win32.Alureon.FD, Trojan.Win32.Delphi.FD, Trojan.Win32.FlyStudio.FD, Trojan.Win32.Sasfis.FD, Trojan.Win32.Swrort.3.FD, VirTool.Win32.DelfInject.FD, TrojanFlyStudio.YR, GenericEmailWorm.YR (Lavasoft MAS)Behaviour: Trojan-Downloader, Trojan-PSW, Trojan, Backdoor, Worm, Email-Worm, VirTool
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 564da31e078bcf76ee12aa77cc11777d
SHA1: 5a72478e87d9661a7ca3ae2b1806737057616e25
SHA256: b5ea29e821319f3a51e3fec5151cf3fcc462722820f7c3535a8cbc19b741655f
SSDeep: 384:2Q85ujT jb85eMVH0tTlN1M YCuedio iod:1tjCjA5eMVH0tTlzM YneQUQ
Size: 28672 bytes
File type: PE32
Platform: WIN32
Entropy: Not Packed
PEID: MicrosoftVisualC; Armadillov171; MicrosoftVisualCv50v60MFC; MicrosoftVisualC50; UPolyXv05_v6
Company: SetupManager
Created at: 2013-03-21 07:46:04
Summary: Trojan-Downloader. Trojan program, which downloads files from the Internet without user's notice and executes them.
Dynamic Analysis
Process activity
The Trojan creates the following process(es):
setup_open_3207.exe:184
ping.exe:2712
ie4uinit.exe:2168
JikeSetup.exe:448
WujiPlayer.exe:1108
setup50.exe:2792
setup50.exe:2404
Jike.exe:1512
xz.exe:652
setup_2951-3011.exe:3100
shmgrate.exe:2576
shmgrate.exe:2880
shmgrate.exe:2852
shmgrate.exe:3208
schovt.exe:1568
rundll32.exe:2548
rundll32.exe:1628
rundll32.exe:3492
rundll32.exe:3372
rundll32.exe:3220
rundll32.exe:2696
unregmp2.exe:3736
mscorsvw.exe:1912
Baidusd_OnlineSetup_sid_30016.exe:1504
taskkill.exe:2316
uuu.exe:260
V24.exe:1360
regsvr32.exe:2596
regsvr32.exe:2896
client.exe:1408
564da31e078bcf76ee12aa77cc11777d.exe:920
QypdkquFqy.EXE:192
Cfomwcktv_NET.exe:4076
Rundll32.exe:2656
msiexec.exe:3012
pvcxkfs.exe:1616
The Trojan injects its code into the following process(es):
conime.exe:640
PPTV.exe:3604
baidu.exe:2720
WJNews.exe:1248
yinyue.exe:2604
mumu.exe:3136
Install-NO£º1.exe:2224
x10.exe:576
lf_tgy.exe:1776
xiaohua100.exe:2308
NjqffhnBtu.EXE:1156
File activity
The process setup_open_3207.exe:184 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\Wuji\2013628\Data\err.jpg (784 bytes)
%Program Files%\Wuji\2013628\DuiLib.dll (16288 bytes)
%Program Files%\Wuji\2013628\Data\Err.html (1 bytes)
%Program Files%\Wuji\2013628\Data\Def.html (902 bytes)
%Documents and Settings%\All Users\Desktop\µçÓ°FM.lnk (1 bytes)
%Program Files%\Wuji\2013628\WJNews.exe (26688 bytes)
%Program Files%\Wuji\2013628\playlist.xml (63 bytes)
%Program Files%\Wuji\2013628\Data\User2.ini (57 bytes)
%Program Files%\Wuji\2013628\Data\EKanR.dat (7192 bytes)
%Program Files%\Wuji\2013628\server.ini (1 bytes)
%Documents and Settings%\All Users\Desktop\ÃŒÃâ€Ã‚±Â¦Â¹ÂºÃŽÃ¯.lnk (1 bytes)
%Program Files%\Wuji\2013628\Data\loading.gif (8 bytes)
%Program Files%\Wuji\2013628\INISet\OLDSet.Xml (1 bytes)
%Program Files%\Wuji\2013628\Unins.exe (5064 bytes)
%Program Files%\Wuji\2013628\Data\tab_more.png (4 bytes)
%Documents and Settings%\All Users\Desktop\ÎÞ¼«Ó°Òô.lnk (778 bytes)
%Program Files%\Wuji\2013628\PlayerUpdate.exe (5520 bytes)
%Program Files%\Wuji\2013628\WujiPlayer.exe (10136 bytes)
%Program Files%\Wuji\2013628\icon\dyfm.ico (784 bytes)
%Program Files%\Wuji\2013628\WJNewsUninstall.exe (1856 bytes)
%Program Files%\Wuji\2013628\INISet\DMSet.Xml (1 bytes)
%Program Files%\Wuji\2013628\icon\taobao.ico (15 bytes)
%Program Files%\Wuji\2013628\SysConfig.ini (377 bytes)
%Program Files%\Wuji\2013628\client.ini (1 bytes)
%Program Files%\Wuji\2013628\Data\def.jpg (1552 bytes)
The process ie4uinit.exe:2168 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\security\logs\scecomp.log (1366 bytes)
%WinDir%\Temp\RGI10.tmp (1680 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\desktop.ini (67 bytes)
%WinDir%\Temp\RGID.tmp (230 bytes)
%Documents and Settings%\%current user%\My Documents\My Music\Desktop.ini (556 bytes)
%Documents and Settings%\%current user%\My Documents\desktop.ini (136 bytes)
%Documents and Settings%\%current user%\My Documents\My Pictures\Desktop.ini (564 bytes)
%WinDir%\Temp\OLD9.tmp (767 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini (162 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk (1474 bytes)
%WinDir%\Temp\RGIF.tmp (230 bytes)
%WinDir%\Temp\RGIE.tmp (230 bytes)
%WinDir%\Temp\OLD8.tmp (869 bytes)
%WinDir%\Temp\RGIB.tmp (230 bytes)
%WinDir%\Temp\RGIA.tmp (1011 bytes)
%WinDir%\Temp\RGIC.tmp (230 bytes)
The Trojan deletes the following file(s):
%WinDir%\Temp\RGID.tmp (0 bytes)
%WinDir%\Temp\RGI10.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\desktop.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\desktop.ini (0 bytes)
%WinDir%\Temp\RGIC.tmp (0 bytes)
%WinDir%\Temp\OLD9.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk (0 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Internet Explorer.lnk (0 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch (0 bytes)
%WinDir%\Temp\RGIF.tmp (0 bytes)
%WinDir%\Temp\RGIE.tmp (0 bytes)
%WinDir%\Temp\OLD8.tmp (0 bytes)
%WinDir%\Temp\RGIB.tmp (0 bytes)
%WinDir%\Temp\RGIA.tmp (0 bytes)
The process JikeSetup.exe:448 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\Jike\Jike.exe (50 bytes)
The process conime.exe:640 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\conime\Svchost.exe (19152 bytes)
%WinDir%\conime\bitstreams\ztex_ufm1_15b1.bit (72535 bytes)
%WinDir%\conime\bitstreams\COPYING_ztex (811 bytes)
%WinDir%\conime\NEWS.txt (7192 bytes)
%WinDir%\conime\libusb-1.0.dll (3616 bytes)
%WinDir%\conime\bitstreams\ztex_ufm1_15d4.bin (6 bytes)
%WinDir%\conime\api-example.php (2 bytes)
%WinDir%\conime\bitstreams\ztex_ufm1_15d1.bit (133421 bytes)
%WinDir%\conime\linux-usb-cgminer.txt (11 bytes)
%WinDir%\conime\AUTHORS.txt (438 bytes)
%WinDir%\conime\libeay32.dll (49631 bytes)
%WinDir%\conime\bitstreams\ztex_ufm1_15y1.bin (6 bytes)
%WinDir%\conime\poclbm130302.cl (1552 bytes)
%WinDir%\conime\GPU-README.txt (784 bytes)
%WinDir%\conime\svchostUpdate.zip (562396 bytes)
%WinDir%\conime\COPYING.txt (1552 bytes)
%WinDir%\conime\README.txt (784 bytes)
%WinDir%\Temp\con1A.tmp (58 bytes)
%WinDir%\conime\diablo130302.cl (1552 bytes)
%WinDir%\conime\bitstreams\COPYING_fpgaminer (983 bytes)
%WinDir%\conime\bitstreams\ztex_ufm1_15d3.bit (133421 bytes)
%WinDir%\conime\scrypt130511.cl (784 bytes)
%WinDir%\conime\bitstreams\ztex_ufm1_15y1.bit (133421 bytes)
%WinDir%\Temp\con6.tmp (2 bytes)
%WinDir%\conime\api-example.c (7 bytes)
%WinDir%\conime\cgminer-nogpu.exe (16288 bytes)
%WinDir%\conime\API.java (3 bytes)
%WinDir%\conime\API.class (3 bytes)
%WinDir%\conime\ASIC-README.txt (4 bytes)
%WinDir%\conime\bitstreams\ztex_ufm1_15d4.bit (133421 bytes)
%WinDir%\conime\windows-build.txt (15 bytes)
%WinDir%\conime\ssleay32.dll (12536 bytes)
%WinDir%\conime\ChangeLog.txt (166 bytes)
%WinDir%\conime\zlib1.dll (3312 bytes)
%WinDir%\conime\bitstreams\fpgaminer_top_fixed7_197MHz.ncd (114009 bytes)
%WinDir%\conime\FPGA-README.txt (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CA5GM5X7.htm (58 bytes)
%WinDir%\conime\phatk121016.cl (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\cg[1].zip (894905 bytes)
%WinDir%\conime\diakgcn121016.cl (784 bytes)
%WinDir%\conime\libidn-11.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CAT48RPT.htm (2 bytes)
%WinDir%\conime\librtmp.dll (6584 bytes)
%WinDir%\conime\libssh2.dll (6360 bytes)
%WinDir%\conime\miner.php (1856 bytes)
%WinDir%\conime\example.conf (763 bytes)
%WinDir%\conime\SCRYPT-README.txt (9 bytes)
%WinDir%\conime\libcurl.dll (20624 bytes)
%WinDir%\conime\API-README.txt (1856 bytes)
The Trojan deletes the following file(s):
%WinDir%\conime\svchostUpdate.zip (0 bytes)
%WinDir%\Temp\con6.tmp (0 bytes)
%WinDir%\Temp\con1A.tmp (0 bytes)
The process baidu.exe:2720 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%System%\Baidusd_OnlineSetup_sid_30016.exe (7972 bytes)
The process WujiPlayer.exe:1108 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\Wuji\2013628\SysConfig.ini (24 bytes)
%Documents and Settings%\All Users\Desktop\µçÓ°FM.lnk (1 bytes)
%Program Files%\Wuji\2013628\Data\User2.ini (380 bytes)
The process setup50.exe:2792 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\OEWABLog.txt (172 bytes)
The process setup50.exe:2404 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Start Menu\Programs\Accessories\desktop.ini (82 bytes)
%WinDir%\OEWABLog.txt (771 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Accessories\Address Book.lnk (1548 bytes)
The process Jike.exe:1512 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Æô¶¯ Internet Explorer ä¯ÀÀÆ÷.lnk (783 bytes)
%Documents and Settings%\%current user%\Desktop\Internet Explorer.lnk (845 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk (869 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Desktop\Internet Explorer.lnk (0 bytes)
The process WJNews.exe:1248 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\Wuji\2013628\SysConfig.ini (24 bytes)
%Program Files%\Wuji\2013628\INISet\DMSet.Xml (1 bytes)
%Program Files%\Wuji\2013628\INISet\OLDSet.Xml (1 bytes)
The Trojan deletes the following file(s):
%Program Files%\Wuji\2013628\INISet\DMSet.Xml (0 bytes)
%Program Files%\Wuji\2013628\INISet\OLDSet.Xml (0 bytes)
The process xz.exe:652 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\Temp\Install-NO£º1.exe (31322 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\xz1[1].exe (49396 bytes)
The process yinyue.exe:2604 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%System%\setup_2951-3011.exe (23407 bytes)
The process shmgrate.exe:2576 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk (779 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\desktop.ini (40 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Internet Explorer.lnk (767 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini (120 bytes)
The process shmgrate.exe:2880 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Start Menu\Programs\desktop.ini (40 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Outlook Express.lnk (738 bytes)
The process shmgrate.exe:2852 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk (779 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\desktop.ini (40 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Internet Explorer.lnk (767 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini (40 bytes)
The process shmgrate.exe:3208 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Start Menu\Programs\desktop.ini (40 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Outlook Express.lnk (738 bytes)
The process schovt.exe:1568 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\o.ini (45 bytes)
%System%\dllone.txt (98 bytes)
\Device\Harddisk0\DR0 (4559 bytes)
The Trojan deletes the following file(s):
%WinDir%\Temp\tp_5.tmp (0 bytes)
The process rundll32.exe:3220 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Favorites\Links\WINDOWS MARKETPLACE.URL (218 bytes)
The process unregmp2.exe:3736 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Start Menu\Programs\Windows Media Player.lnk (792 bytes)
%WinDir%\wmsetup.log (576 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk (804 bytes)
%System%\wmpns.dll (1281 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Start Menu\Programs\WINDOWS MEDIA PLAYER.LNK (0 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Accessories\ENTERTAINMENT (0 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Accessories\ENTERTAINMENT (0 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Accessories\Entertainment\WINDOWS MEDIA PLAYER.LNK (0 bytes)
The process Baidusd_OnlineSetup_sid_30016.exe:1504 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\Temp\nsw18.tmp (88728 bytes)
%WinDir%\Temp\nsc19.tmp\BDMDownload.dll (3312 bytes)
%WinDir%\Temp\nsc19.tmp\BDMSkin.dll (33877 bytes)
%WinDir%\Temp\nsc19.tmp\config.ini (95 bytes)
%WinDir%\Temp\nsc19.tmp\setupinfo.txt.bdtmp (864 bytes)
%WinDir%\Temp\nsc19.tmp\KVNetInstallHelpler.dll (13584 bytes)
%WinDir%\Temp\nsc19.tmp\dl.dll (62035 bytes)
%WinDir%\Temp\nsc19.tmp\res\onlineWnd.zip (6584 bytes)
The Trojan deletes the following file(s):
%WinDir%\Temp\nsc19.tmp (0 bytes)
%WinDir%\Temp\nsh17.tmp (0 bytes)
The process uuu.exe:260 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\DownloadSave\RCX1.tmp (106862 bytes)
%Documents and Settings%\All Users\Application Data\DownloadSave\RecordPath (260 bytes)
%Documents and Settings%\All Users\Application Data\DownloadSave\pvcxkfs.exe (62 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\All Users\Application Data\DownloadSave\pvcxkfs.exe (0 bytes)
The process Install-NO£º1.exe:2224 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\Temp\PPTV.exe (1688 bytes)
%WinDir%\MyConfig.ini (223 bytes)
%WinDir%\Temp\baidu.exe (233 bytes)
%WinDir%\Temp\yinyue.exe (235 bytes)
%WinDir%\Temp\mumu.exe (261 bytes)
%WinDir%\Temp\Cfomwcktv_NET.exe (145 bytes)
%WinDir%\Temp\xiaohua100.exe (263 bytes)
The process x10.exe:576 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\imgcopy[1].png (2142 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\close[1].gif (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\yp[1].js (145 bytes)
%Documents and Settings%\%current user%\Cookies\system@mmstat[1].txt (168 bytes)
%Documents and Settings%\%current user%\Cookies\system@www.aixoxo[1].txt (481 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\cnzz_core[1].php (408 bytes)
%Documents and Settings%\%current user%\Cookies\system@jump.1000re[2].txt (967 bytes)
%System%\xz.exe (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\shouyu[1].gif (69764 bytes)
%Documents and Settings%\%current user%\Cookies\system@cnzz[1].txt (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\stat[1].php (6068 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (10216 bytes)
%Documents and Settings%\%current user%\Cookies\system@jump.1000re[1].txt (1470 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aixoxo[1].htm (2025 bytes)
%Documents and Settings%\%current user%\Cookies\system@page[1].txt (141 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\page[1].htm (145 bytes)
%Documents and Settings%\%current user%\Cookies\system@cnzz.mmstat[1].txt (202 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\a4[1].htm (315 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Cookies\system@jump.1000re[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\system@jump.1000re[1].txt (0 bytes)
The process lf_tgy.exe:1776 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\Temp\nsa13.tmp\Installation_bg.bmp (20360 bytes)
%WinDir%\Temp\nsa13.tmp\aaa1.txt (958 bytes)
%WinDir%\Temp\nsa13.tmp\Installation_button.bmp (2784 bytes)
%WinDir%\Temp\nsa13.tmp\Installation_button2.bmp (3624 bytes)
%WinDir%\Temp\nsa13.tmp\registry.dll (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\gethtm3[1].htm (958 bytes)
%WinDir%\Temp\nsa13.tmp\InetLoad.dll (24 bytes)
%WinDir%\Temp\nsa13.tmp\WndProc.dll (3 bytes)
%WinDir%\Temp\nsa13.tmp\System.dll (11 bytes)
%WinDir%\Temp\nsa13.tmp\Installation_off4.bmp (1 bytes)
%WinDir%\Temp\nsa13.tmp\ok_button.bmp (3624 bytes)
%WinDir%\Temp\nsa13.tmp\Installation_bg4.bmp (15493 bytes)
%WinDir%\Temp\nsa13.tmp\checkbox2.bmp (3 bytes)
%WinDir%\Temp\nsa13.tmp\nsDialogs.dll (9 bytes)
%WinDir%\Temp\nsa13.tmp\checkbox1.bmp (3 bytes)
%WinDir%\Temp\nsa13.tmp\Installation_ok.bmp (11480 bytes)
%WinDir%\Temp\nsa13.tmp\files.bmp (3 bytes)
%WinDir%\Temp\nsa13.tmp\BgWorker.dll (2 bytes)
%WinDir%\Temp\nsa13.tmp\Installation_off5.bmp (1 bytes)
%WinDir%\Temp\nsa13.tmp\SkinBtn.dll (4 bytes)
The Trojan deletes the following file(s):
%WinDir%\Temp\nsp12.tmp (0 bytes)
%WinDir%\Temp\nsa13.tmp (0 bytes)
The process regsvr32.exe:2596 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Desktop.htt (1397 bytes)
The process regsvr32.exe:2896 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\My Documents\My Music\Desktop.ini (248 bytes)
%Documents and Settings%\%current user%\My Documents\desktop.ini (38 bytes)
%Documents and Settings%\%current user%\Recent\Desktop.ini (252 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini (38 bytes)
%Documents and Settings%\%current user%\Favorites\Desktop.ini (181 bytes)
%Documents and Settings%\%current user%\My Documents\My Pictures\Desktop.ini (252 bytes)
The process client.exe:1408 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\conime\conime.exe (601 bytes)
The process xiaohua100.exe:2308 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\History\desktop.ini (159 bytes)
%System%\lf_tgy.exe (12288 bytes)
The process 564da31e078bcf76ee12aa77cc11777d.exe:920 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\uuu[1].exe (13570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\54c.ini (702 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\bindplugin[1].ini (702 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\54c\ksbinstaller_s_67_1003.exe (128588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\setup_open_3207[1].exe (449113 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\54c\uuu.exe (7772 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\54c\setup_open_3207.exe (232291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\54c\JikeSetup.exe (18340 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\JikeSetup[1].exe (34546 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ksbinstaller_s_67_1003[1].exe (248739 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\54c\setup_open_3207.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\uuu[1].exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\54c (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\bindplugin[1].ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\setup_open_3207[1].exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\54c\uuu.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\54c\JikeSetup.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\JikeSetup[1].exe (0 bytes)
The process NjqffhnBtu.EXE:1156 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3.tmp (1359 bytes)
The process QypdkquFqy.EXE:192 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\Fonts\com43.ttf (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\man2.bat (255 bytes)
%System%\services.exe.rzxcp (601 bytes)
%System%\dllcache\services.exe (1137 bytes)
The Trojan deletes the following file(s):
%System%\services.exe.bzxck (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\man2.tmp (0 bytes)
The process Cfomwcktv_NET.exe:4076 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
C:\NT_path.jpg (62 bytes)
C:\1562500.dll (107 bytes)
The process msiexec.exe:3012 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%System%\config\default (21324 bytes)
%System%\config\SYSTEM.LOG (4681 bytes)
%System%\config\SOFTWARE.LOG (25787 bytes)
%System%\config\software (23417 bytes)
%System%\config\DEFAULT.LOG (25312 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT.LOG (7080 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT (6876 bytes)
%WinDir%\Installer\14d16a.ipi (200 bytes)
%System%\config (200 bytes)
%System%\config\system (2031 bytes)
%WinDir%\Installer\MSI14.tmp (657 bytes)
C:\Config.Msi\14d16b.rbs (10670 bytes)
The Trojan deletes the following file(s):
%WinDir%\Installer\MSI14.tmp (0 bytes)
C:\MSI4d168.tmp (0 bytes)
C:\Config.Msi\MSI15.tmp (0 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\ADMINISTRATIVE TOOLS (0 bytes)
%WinDir%\Installer\14d16a.ipi (0 bytes)
C:\Config.Msi (0 bytes)
D:\MSI4d169.tmp (0 bytes)
C:\Config.Msi\MSI16.tmp (0 bytes)
C:\Config.Msi\14d16b.rbs (0 bytes)
The process pvcxkfs.exe:1616 makes changes in a file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\list2[1].txt (68 bytes)
%Documents and Settings%\All Users\Application Data\DownloadSave\NjqffhnBtu.EXE (23156 bytes)
%Documents and Settings%\All Users\Application Data\DownloadSave\QypdkquFqy.EXE (6696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\9902[1].exe (6588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\cn[1].exe (22900 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\count[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\baidu[1].htm (0 bytes)
Registry activity
The process setup_open_3207.exe:184 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Wuji]
"Rd" = "_2013628"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÎÞ¼«Ó°Òô]
"DisplayIcon" = "%Program Files%\Wuji\2013628\Unins.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÎÞ¼«Ó°Òô]
"DisplayName" = "ÎÞ¼«Ó°Òô"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÎÞ¼«Ó°Òô]
"DisplayVersion" = "1.0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÎÞ¼«Ó°Òô]
"UninstallString" = "%Program Files%\Wuji\2013628\Unins.exe"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AB 0F DA 10 BF 1B F4 1F E7 BF 3A 95 C9 6E E1 A9"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÎÞ¼«Ó°Òô]
"Publisher" = "ÎÞ¼«Ó°Òô"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WJNews_2013628" = "%Program Files%\Wuji\2013628\WJNews.exe -mini"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WujiPlayer_2013628" = "%Program Files%\Wuji\2013628\WujiPlayer.exe -mini"
The process ping.exe:2712 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FF 2E C4 D9 FF 8E 95 26 09 4E 59 99 BE C7 04 EC"
The process ie4uinit.exe:2168 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\CCSelect]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1C00" = "0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"MinLevel" = "65536"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"PrivacyAdvanced" = "0"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Save_Session_History_On_Exit" = "no"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1]
"CurrentLevel" = "0"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures" = "yes"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
"shell" = "0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Description" = "Your computer"
[HKLM\SOFTWARE\Microsoft\Advanced INF Setup\IEHomePageInfo]
"BackupPath" = "%Program Files%\Uninstall Information\IEHomePageInfo"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1400" = "3"
[HKU\.DEFAULT\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001]
"Version" = "327680"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
"http" = "3"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%System%]
"SHELL32.dll,-9227" = "My Documents"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Flags" = "33"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"Description" = "This zone contains Web sites that you trust not to damage your computer or data."
[HKU\.DEFAULT\AppEvents\Schemes\Apps\Explorer\SecurityBand]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2]
"DisplayName" = "Trusted sites"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"CurrentLevel" = "0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"EmailName" = "IEUser@"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1A10" = "3"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"Flags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1]
"Description" = "This zone contains all Web sites that are on your organization's intranet."
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1A10" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1805" = "0"
[HKU\.DEFAULT\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001]
"Description" = "Internet Explorer"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName" = "Internet"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C533ADF1-0C80-11D1-8C54-00A02468F316}]
"Flags" = "1"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar]
"SaveLinksOrder" = "01 00 00 00"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Settings]
"Use Anchor Hover Color" = "No"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"Icon" = "inetcpl.cpl#00004480"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Use_DlgBox_Colors" = "yes"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1805" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DocFolderPaths]
"SYSTEM" = "%Documents and Settings%\%current user%\My Documents"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Anchor Underline" = "yes"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"DisplayName" = "My Computer"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Local Page" = "%System%\blank.htm"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"{A8A88C49-5EB2-4990-A1A2-0876022C854F}" = "1A 37 61 59 23 52 35 0C 7A 5F 20 17 2F 1E 1A 19"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"Icon" = "explorer.exe#0100"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1]
"1805" = "0"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Services]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"MinLevel" = "73728"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"History" = "%USERPROFILE%\Local Settings\History"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Cookies" = "%USERPROFILE%\Cookies"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Disable Script Debugger" = "yes"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2]
"Icon" = "inetcpl.cpl#00004480"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"CurrentLevel" = "0"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Security]
"Sending_Security" = "Medium"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Security]
"Viewing_Security" = "Low"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2]
"Description" = "This zone contains Web sites that you trust not to damage your computer or data."
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1805" = "0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3]
"Icon" = "inetcpl.cpl#001313"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\Explorer\SecurityBand\.default]
"(Default)" = "%WinDir%\media\Windows XP Information Bar.wav"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3]
"CurrentLevel" = "0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1]
"DisplayName" = "Local intranet"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MimeExclusionListForCache" = "multipart/mixed multipart/x-mixed-replace multipart/x-byteranges"
[HKLM\SOFTWARE\Microsoft\Advanced INF Setup\IEHomePageInfo]
"BackupFileSize" = "0"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Settings]
"Anchor Color" = "0,0,255"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4]
"DisplayName" = "Restricted sites"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"Icon" = "inetcpl.cpl#001313"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2]
"1805" = "0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
"file" = "3"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"DisplayName" = "Trusted sites"
[HKU\.DEFAULT\AppEvents\EventLabels\ShowBand]
"(Default)" = "Show Toolbar Band"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3]
"Description" = "This zone contains all Web sites you haven't placed in other zones"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
"(Default)" = ""
[HKU\.DEFAULT\AppEvents\EventLabels\MoveMenuItem]
"(Default)" = "Move Menu Item"
[HKLM\SOFTWARE\Microsoft\Advanced INF Setup\IEHomePageInfo]
"BackupRegistry" = "y"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4]
"Description" = "This zone contains Web sites that could potentially damage your computer or data."
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"CurrentLevel" = "0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
"@ivt" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Show_StatusBar" = "yes"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"Description" = "This zone contains all Web sites you haven't placed in other zones"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"Flags" = "33"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyByPass" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"{AEBA21FA-782A-4A90-978D-B72164C80120}" = "1A 37 61 59 23 52 35 0C 7A 5F 20 17 2F 1E 1A 19"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"User Agent" = "Mozilla/4.0 (compatible; MSIE 6.0; Win32)"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Document Windows]
"width" = "00 00 00 80"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigProxy" = "wininet.dll"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Document Windows]
"height" = "00 00 00 00"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"1805" = "0"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\ShowBand]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup\0]
"3bdd6b017b35029e" = "2C 53 6F 66 74 77 61 72 65 5C 4D 69 63 72 6F 73"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{754FF233-5D4E-11D2-875B-00A0C93C09B3}]
"Flags" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing]
"State" = "146432"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4]
"1805" = "1"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4A FE 87 29 D5 25 2B 79 E8 87 58 82 5E BD A5 53"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1805" = "0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"Icon" = "shell32.dll#0018"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\International]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar]
"LinksFolderName" = "Links"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Document Windows]
"x" = "00 00 00 80"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Document Windows]
"y" = "00 00 00 00"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\TypedURLs]
"url1" = "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Show_ChannelBand" = "No"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"CurrentLevel" = "0"
[HKLM\SOFTWARE\Microsoft\Advanced INF Setup\IE CompList]
"IE40.UserAgent" = ""
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Settings]
"Anchor Color Visited" = "128,0,128"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Do404Search" = "01 00 00 00"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder]
"Attributes" = "1048576"
[HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"RecommendedLevel" = "66816"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
"ftp" = "3"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Display Inline Images" = "yes"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Show_FullURL" = "no"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1201" = "3"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"MinLevel" = "69632"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"RecommendedLevel" = "69632"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\Explorer\BlockedPopup\.current]
"(Default)" = "%WinDir%\media\Windows XP Pop-up Blocked.wav"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BDD307C3-7BC0-4542-9F8F-A9611FE6C1BF}]
"Flags" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"2000" = "65536"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\International\Scripts\3]
"IEFixedFontName" = "Courier New"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"SendTo" = "%Documents and Settings%\%current user%\SendTo"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"Description" = "Your computer"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Show_URLToolBar" = "yes"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4]
"Flags" = "33"
[HKU\.DEFAULT\Software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup\0.map]
"3bdd6b017b35029e" = ",1,HKCU,Software\Microsoft\Internet Explorer\Main,First Home Page,"
[HKLM\SOFTWARE\Microsoft\Advanced INF Setup\IEHomePageInfo]
"InstallINFFile" = "%System%\homepage.inf"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3]
"Flags" = "33"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B1549E58-3894-11D2-BB7F-00A0C999C4C1}]
"Flags" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"DisplayName" = "My Computer"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"DisplayName" = "Restricted sites"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"RecommendedLevel" = "65536"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1]
"Flags" = "219"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchUrl]
"provider" = ""
[HKU\.DEFAULT\AppEvents\EventLabels\CCSelect]
"(Default)" = "Select"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Icon" = "explorer.exe#0100"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3]
"1805" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4]
"CurrentLevel" = "0"
[HKLM\SOFTWARE\Microsoft\Advanced INF Setup\IEHomePageInfo]
"InstallINFSection" = "DefaultInstall.NT"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Settings]
"Text Color" = "0,0,0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
"(Default)" = ""
[HKU\.DEFAULT\AppEvents\EventLabels\BlockedPopup]
"(Default)" = "Blocked Pop-up Window"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Document Windows]
"Maximized" = "no"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\Explorer\MoveMenuItem]
"(Default)" = ""
[HKU\.DEFAULT\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001]
"FileName" = "IEXPLORE.EXE"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"{AEBA21FA-782A-4A90-978D-B72164C80120}" = "1A 37 61 59 23 52 35 0C 7A 5F 20 17 2F 1E 1A 19"
[HKU\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB]
"Blob" = "03 00 00 00 01 00 00 00 14 00 00 00 A3 77 D1 B1"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Show_URLinStatusBar" = "yes"
[HKU\.DEFAULT\AppEvents\EventLabels\ActivatingDocument]
"(Default)" = "Complete Navigation"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\Explorer\SecurityBand\.current]
"(Default)" = "%WinDir%\media\Windows XP Information Bar.wav"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"Icon" = "inetcpl.cpl#00004481"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\International\Scripts\3]
"IEPropFontName" = "Times New Roman"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\Explorer\BlockedPopup]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B1549E58-3894-11D2-BB7F-00A0C999C4C1}]
"Version" = "*"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\Explorer\ActivatingDocument]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Cache" = "%USERPROFILE%\Local Settings\Temporary Internet Files"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam]
"BagMRU Size" = "5000"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"Flags" = "3"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"Flags" = "71"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C533ADF1-0C80-11D1-8C54-00A02468F316}]
"Version" = "*"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4]
"Icon" = "inetcpl.cpl#00004481"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Show_ToolBar" = "yes"
[HKLM\SOFTWARE\Microsoft\Advanced INF Setup\IEHomePageInfo]
"ComponentVersion" = "6.0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"{A8A88C49-5EB2-4990-A1A2-0876022C854F}" = "1A 37 61 59 23 52 35 0C 7A 5F 20 17 2F 1E 1A 19"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
"https" = "3"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\Explorer\BlockedPopup\.default]
"(Default)" = "%WinDir%\media\Windows XP Pop-up Blocked.wav"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{754FF233-5D4E-11D2-875B-00A0C93C09B3}]
"Version" = "*"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"WarnOnPost" = "01 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"EnableHttp1_1" = "1"
[HKU\.DEFAULT\AppEvents\EventLabels\SecurityBand]
"(Default)" = "Information Bar"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Settings]
"Background Color" = "192,192,192"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"CurrentLevel" = "0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Cache_Update_Frequency" = "Once_Per_Session"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\Explorer\Navigating]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"UseSchannelDirectly" = "01 00 00 00"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"CurrentLevel" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"(Default)" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"DisplayName" = "Local intranet"
[HKLM\SOFTWARE\Microsoft\Advanced INF Setup\IEHomePageInfo]
"BackupFileName" = "%Program Files%\Uninstall Information\IEHomePageInfo\IEHomePageInfo.DAT"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"RecommendedLevel" = "73728"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Search Page" = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1]
"Icon" = "shell32.dll#0018"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\NewShortcutHandlers]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BDD307C3-7BC0-4542-9F8F-A9611FE6C1BF}]
"Version" = "*"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3]
"DisplayName" = "Internet"
[HKLM\SOFTWARE\Microsoft\Advanced INF Setup\IE CompList]
"IE.HKCUZoneInfo" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2]
"Flags" = "33"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"Description" = "This zone contains Web sites that could potentially damage your computer or data."
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"IE5_UA_Backup_Flag" = "5.0"
[HKU\.DEFAULT\Software\Microsoft\Windows\Shell]
"BagMRU Size" = "5000"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"Description" = "This zone contains all Web sites that are on your organization's intranet."
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"MinLevel" = "65536"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2]
"CurrentLevel" = "0"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following registry key(s):
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\SmallIcons]
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
[HKU\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB]
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"First Home Page"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Default Channels"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"WarnAlwaysOnPost"
[HKU\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB]
"File"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\International]
"Default_CodePage"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
"{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Additional Channels"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Cache"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Content"
[HKU\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs]
"A377D1B1C0538833035211F4083D00FECC414DAB"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Cookies"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"HeaderExclusionListForCache"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache]
"Signature"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"History"
The process JikeSetup.exe:448 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sfchk" = "%Program Files%\Jike\Jike.exe"
The process conime.exe:640 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 05 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "73 A9 D7 B9 26 FB 14 0A A5 02 A9 07 E6 91 58 9D"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
Proxy settings are disabled:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"conime" = "c:\windows\conime\conime.exe"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
The process PPTV.exe:3604 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "00 D4 D4 9B B3 43 3D BF F9 E5 CC D5 7A 5E F6 B5"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 0D 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
Proxy settings are disabled:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
The process baidu.exe:2720 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E5 4E B9 3A 8D 23 28 B6 17 AE 50 03 DA D5 E6 69"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 0B 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
Proxy settings are disabled:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
The process WujiPlayer.exe:1108 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 18 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D0 B3 58 7E 9C 19 33 1D 5C 94 67 8F 8B 92 9C A9"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
The process setup50.exe:2792 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"shmgrate.exe" = "Windows NT User Data Migration Tool"
[HKU\.DEFAULT\Identities\{003F4AB4-66D7-4554-9868-68F9BAAF30FF}]
"Directory Name" = "4147892"
[HKU\.DEFAULT\Identities]
"Last User ID" = "{003F4AB4-66D7-4554-9868-68F9BAAF30FF}"
[HKU\.DEFAULT\Identities]
"Last Username" = "Main Identity"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKU\.DEFAULT\Identities]
"Default User ID" = "{003F4AB4-66D7-4554-9868-68F9BAAF30FF}"
[HKU\.DEFAULT\Identities\{003F4AB4-66D7-4554-9868-68F9BAAF30FF}\Software\Microsoft\Outlook Express\5.0\Shared Settings\Setup]
"MigToLWP" = "B4 4A 3F 00 D7 66 54 45 98 68 68 F9 BA AF 30 FF"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"SendTo" = "%Documents and Settings%\%current user%\SendTo"
[HKU\.DEFAULT\Identities\{003F4AB4-66D7-4554-9868-68F9BAAF30FF}\Software\Microsoft\Outlook Express\5.0\Recent Stationery List]
"File5" = "Blank.htm"
[HKU\.DEFAULT\Identities\{003F4AB4-66D7-4554-9868-68F9BAAF30FF}\Software\Microsoft\Outlook Express\5.0\Recent Stationery List]
"File4" = "Citrus Punch.htm"
[HKU\.DEFAULT\Identities\{003F4AB4-66D7-4554-9868-68F9BAAF30FF}\Software\Microsoft\Outlook Express\5.0\Recent Stationery List]
"File6" = "Leaves.htm"
[HKU\.DEFAULT\Identities\{003F4AB4-66D7-4554-9868-68F9BAAF30FF}\Software\Microsoft\Outlook Express\5.0\Recent Stationery List]
"File1" = "Nature.htm"
[HKU\.DEFAULT\Identities\{003F4AB4-66D7-4554-9868-68F9BAAF30FF}\Software\Microsoft\Outlook Express\5.0\Recent Stationery List]
"File0" = "Clear Day.htm"
[HKU\.DEFAULT\Identities\{003F4AB4-66D7-4554-9868-68F9BAAF30FF}\Software\Microsoft\Outlook Express\5.0\Recent Stationery List]
"File3" = "Sunflower.htm"
[HKU\.DEFAULT\Identities\{003F4AB4-66D7-4554-9868-68F9BAAF30FF}\Software\Microsoft\Outlook Express\5.0\Recent Stationery List]
"File2" = "Maize.htm"
[HKU\.DEFAULT\Identities\{003F4AB4-66D7-4554-9868-68F9BAAF30FF}\Software\Microsoft\Outlook Express\5.0\Shared Settings\Setup]
"MigToLWPVer" = "6,0,2900,5512"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Identities\{003F4AB4-66D7-4554-9868-68F9BAAF30FF}\Software\Microsoft\Outlook Express\5.0]
"VerStamp" = "0"
[HKU\.DEFAULT\Software\Microsoft\Outlook Express\5.0\Shared Settings\Setup]
"MigToLWPVer" = "6,0,2900,5512"
[HKU\.DEFAULT\Identities\{003F4AB4-66D7-4554-9868-68F9BAAF30FF}]
"Username" = "Main Identity"
[HKU\.DEFAULT\Identities]
"Identity Ordinal" = "1"
[HKU\.DEFAULT\Identities\{003F4AB4-66D7-4554-9868-68F9BAAF30FF}]
"User ID" = "{003F4AB4-66D7-4554-9868-68F9BAAF30FF}"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1C 30 E2 4D A8 00 B9 31 98 84 CD 97 DC EC 88 BE"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKU\.DEFAULT\Software\Microsoft\Outlook Express\5.0\Shared Settings\Setup]
"MigToLWP" = "B4 4A 3F 00 D7 66 54 45 98 68 68 F9 BA AF 30 FF"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Identities]
"IncomingID"
[HKU\.DEFAULT\Identities]
"OutgoingID"
[HKU\.DEFAULT\Identities]
"Changing"
The process setup50.exe:2404 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%SystemRoot%\system32]
"shell32.dll,-22017" = "Address Book"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "41 66 17 FA 89 B8 91 2C 77 61 3D D0 D5 F4 D8 B8"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The process Jike.exe:1512 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\jike]
"(Default)" = "http://www.hao123.com/?tn=39005028_93_hao_pg"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4E 30 E7 07 23 15 ED 43 E0 BA CD 23 BE 42 5F 81"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.hao123.com/?tn=39005028_93_hao_pg"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sfchk" = "%Program Files%\Jike\Jike.exe"
The Trojan deletes the following value(s) in system registry:
The Trojan disables automatic startup of the application by deleting the following autorun value:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tbk_hao123"
The process WJNews.exe:1248 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5F DF 44 49 AA 29 FA 71 31 65 4D 5D 6A 15 D0 F3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The process xz.exe:652 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CC 57 A1 08 EC 8C 8E F7 3D 55 20 9B E4 8A B8 CC"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 07 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
Proxy settings are disabled:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
The process setup_2951-3011.exe:3100 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D8 BF AB 47 98 DB A1 93 B0 6A C5 47 66 54 02 2F"
The process yinyue.exe:2604 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FD 89 55 78 F9 0B D1 63 59 6D EC 5F 24 DB 66 B2"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 0A 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
Proxy settings are disabled:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
The process shmgrate.exe:2576 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "08 1C 2F F7 77 DA 18 D0 54 17 2D 01 13 1F AF 57"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp1res.dll,-11001" = "Internet Explorer"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp1res.dll,-11003" = "Launch Internet Explorer Browser"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder]
"Attributes" = "0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
The process shmgrate.exe:2880 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "69 B6 60 5E B1 22 82 86 2E 45 DA 94 99 7C 4E 6D"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
The process shmgrate.exe:2852 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp1res.dll,-11001" = "Internet Explorer"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp1res.dll,-11003" = "Launch Internet Explorer Browser"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"LangID" = "09 04"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D9 27 8E BB 12 79 2C 2A 24 D5 B1 1E 74 62 EE BF"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder]
"Attributes" = "0"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%System%]
"SHELL32.dll,-9227"
The process shmgrate.exe:3208 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6B 6D DB D2 62 5C A3 D3 75 90 B3 BF F2 94 9E 95"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp1res.dll,-11004" = "Outlook Express"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
The process schovt.exe:1568 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F7 0D B2 7E D3 65 0E 35 6A 2B 34 1C 71 B5 8C 3A"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
Proxy settings are disabled:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
The process rundll32.exe:2548 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "87 4B 6A 14 7B 4C AC 84 43 D8 CB 7B 82 26 D7 94"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Security]
"Safety Warning Level" = "Query"
The process rundll32.exe:1628 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "07 85 40 81 01 3F B7 6A ED 34 8D 6C CE 4E 96 F3"
The process rundll32.exe:3492 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D0 CA 16 08 E3 29 C6 AE E4 97 9A 20 2D 0D 08 73"
[HKU\.DEFAULT\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
"Locale" = "EN"
[HKU\.DEFAULT\Software\Microsoft\MediaPlayer\Preferences]
"AcceptedPrivacyStatement" = "0"
[HKU\.DEFAULT\Software\Microsoft\Keyboard\Native Media Players\WMP]
"AppName" = "Windows Media Player"
[HKU\.DEFAULT\Software\Microsoft\MediaPlayer\Preferences]
"UpgradeCheckFrequency" = "01 00 00 00"
[HKU\.DEFAULT\Software\Classes\Software\Microsoft\MediaPlayer\Preferences]
"AcceptedPrivacyStatement" = "1"
[HKU\.DEFAULT\Software\Microsoft\Keyboard\Native Media Players\WMP]
"ExePath" = "%Program Files%\Windows Media Player\wmplayer.exe"
[HKU\.DEFAULT\Software\Microsoft\MediaPlayer\Preferences]
"StretchToFit" = "1"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\MediaPlayer\Setup]
"UDBLocalPath"
The process rundll32.exe:3372 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 6F 44 FF A4 4D BA A4 D9 0F AC 0E 59 8A 2B 84"
[HKU\.DEFAULT\Software\Microsoft\MessengerService]
"(Default)" = "Windows Messenger"
[HKU\.DEFAULT\AppEvents\EventLabels\MSMSGS_NewMessage]
"DispFileName" = "@xpob2res.dll,-41584"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail\.Current]
"(Default)" = "%Program Files%\Messenger\newemail.wav"
[HKU\.DEFAULT\Software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"Locale" = "EN"
[HKU\.DEFAULT\Software\Microsoft\MessengerService]
"CorpPC2Phone" = "0"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage\.Current]
"(Default)" = "%Program Files%\Messenger\type.wav"
[HKU\.DEFAULT\AppEvents\EventLabels\MSMSGS_NewMessage]
"(Default)" = "New Message"
[HKU\.DEFAULT\AppEvents\EventLabels\MSMSGS_NewAlert]
"(Default)" = "New Alert"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\MSMSGS]
"(Default)" = "Windows Messenger"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline\.Current]
"(Default)" = "%Program Files%\Messenger\online.wav"
[HKU\.DEFAULT\Software\Microsoft\MessengerService]
"MSNState" = "01 00 00 00"
[HKU\.DEFAULT\AppEvents\EventLabels\MSMSGS_ContactOnline]
"DispFileName" = "@xpob2res.dll,-41583"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert\.Current]
"(Default)" = "%Program Files%\Messenger\newalert.wav"
[HKU\.DEFAULT\AppEvents\EventLabels\MSMSGS_NewMail]
"(Default)" = "New Mail"
[HKU\.DEFAULT\AppEvents\EventLabels\MSMSGS_NewMail]
"DispFileName" = "@xpob2res.dll,-41586"
[HKU\.DEFAULT\Software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"Version" = "4,7,0,3000"
[HKU\.DEFAULT\AppEvents\EventLabels\MSMSGS_ContactOnline]
"(Default)" = "Contact Online"
[HKU\.DEFAULT\AppEvents\EventLabels\MSMSGS_NewAlert]
"DispFileName" = "@xpob2res.dll,-41585"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\MessengerService]
"UseKeyring"
[HKU\.DEFAULT\Software\Microsoft\MessengerService]
"FirstTimeUser"
The process rundll32.exe:3220 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "81 F7 DF F7 69 F5 5D B4 56 6F 44 4A 66 FC B1 8E"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
The process rundll32.exe:2696 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "31 08 3E CF 5E 36 F9 FF 5E 0B BB FF 37 22 7E 91"
The process unregmp2.exe:3736 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\SystemFileAssociations\.mpa\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/wav]
"Extensions.SpaceSep" = ".wav"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wvx]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aiff]
"MediaType.Description" = "AIFF Format Sound"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mpg]
"Extensions.CommaSep" = "mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\CDA]
"DescriptionFriendlyName" = "@%WinDir%\inf\unregmp2.exe,-10016"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m1v]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx|mplay32.exe|mplayer.exe|iexplore.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\midi/mid]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.asx]
"MPlayer2.Set" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mpg]
"Extensions.CommaSep" = "mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/midi]
"Extensions.CommaSep" = "mid,midi,rmi"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wvx]
"Extension.MIME" = "video/x-ms-wvx"
[HKCR\WPLFile]
"PreferExecuteOnMismatch" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.dvr-ms]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpe]
"Permissions" = "15"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"video/x-ms-wvx" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\MIDI]
"Extensions" = ".mid .midi .rmi"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aiff]
"MediaType.DescriptionID" = "9903"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/wav]
"Extension.Key" = ".wav"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp3]
"Extension.MIME" = "audio/mpeg"
[HKCR\mpegfile\shell\play\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /prefetch:9 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/basic]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKCR\MMSU\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wm]
"MediaType.Description" = "Windows Media Audio/Video file"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{8DD448E6-C188-4aed-AF92-44956194EB1F}" = "Windows Media Player Play as Playlist Context Menu Handler"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wm]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wm]
"PerceivedType" = "video"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wma]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.png]
"Runtime" = "11"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-wav]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKCR\MIME\Database\Content Type\audio/x-aiff]
"Extension" = ".aiff"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSRipCDAudioOnArrival]
"Action" = "@wmploc.dll,-6506"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayDVDMovieOnArrival]
"InvokeProgID" = "WMP.DVD"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wm]
"MCIHandler" = "MPEGVideo"
[HKCR\WAXFile\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /Open %L"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".wmz" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wvx]
"SuperiorApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.avi]
"Runtime" = "7"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.bmp]
"ReplaceApps" = "*.*"
[HKCR\WMP.DVR-MSFile]
"(Default)" = "Microsoft Recorded TV Show"
[HKCR\WAXFile\shell\play]
"(Default)" = "&Play"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wvx]
"Extension.MIME" = "video/x-ms-wvx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asf]
"MediaType.DescriptionID" = "9909"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSRipCDAudioOnArrival]
"InvokeProgID" = "WMP.RipCD"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.midi]
"MCIHandler" = "Sequencer"
[HKCR\MIME\Database\Content Type\video/x-ms-wmx]
"CLSID" = "{cd3afa93-b84f-48f0-9393-7edc34128127}"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".wm" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\ASF]
"Protocols" = "mms mmst mmsu msbd"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".wvx" = ""
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".wvx" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-ms-wma]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-asf]
"Extensions.CommaSep" = "asf,asx,wm,wmx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-midi]
"Extensions.SpaceSep" = ".mid .midi .rmi"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.midi]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpa]
"MediaType.Description" = "Movie Clip"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpg]
"SuperiorApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.asx]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-asf-plugin]
"Extension.Key" = ".asx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\midi/mid]
"CLSID" = "{cd3afa74-b84f-48f0-9393-7edc34128127}"
[HKCR\AVIFile\shellex\ContextMenuHandlers\WMPPlayAsPlaylist]
"(Default)" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\AIFF]
"Extensions" = ".aif .aifc .aiff"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.au]
"Extension.MIME" = "audio/basic"
[HKCR\MIME\Database\Content Type\video/mpg]
"Extension" = ".mpeg"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mid]
"Extensions.SpaceSep" = ".mid .midi .rmi"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2v]
"MediaType.DescriptionID" = "9902"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wma]
"ReplaceApps" = "mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-ms-wax]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKCR\mpegfile\shell\play]
"MUIVerb" = "@%SystemRoot%\inf\unregmp2.exe,-9991"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\MPEG]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-10003"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/x-ms-wmd]
"Extension.Key" = ".wmd"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpa]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpg]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.snd]
"Extension.MIME" = "audio/basic"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-ms-wma]
"Extensions.CommaSep" = "wma"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/mpg]
"Extensions.CommaSep" = "mpeg,mpg,mpe,mpv,m1v,mp2,mpa,mpv2,mp2v"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m1v]
"Shell.Open" = "/prefetch:9 /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Protocols\mmst]
"MIMEType" = "video/x-ms-asf"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wma]
"MediaType.DescriptionID" = "9912"
[HKCR\MIDFile\shell\play]
"(Default)" = "&Play"
[HKCR\mp3file\shell\open]
"LegacyDisable" = ""
[HKCR\WMSFile\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /layout:%L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpeg]
"PerceivedType" = "video"
[HKCR\cdafile\DefaultIcon]
"(Default)" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.midi]
"Extension.Handler" = "midfile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asf]
"Extension.Handler" = "ASFFile"
[HKCR\WAXFile\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".m3u" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mid]
"Extension.Key" = ".mid"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wmx]
"ReplaceApps" = "mplayer2.exe|msdxm.ocx"
[HKCR\WPLFile\shellex\ContextMenuHandlers\WMPAddToPlaylist]
"(Default)" = "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asf]
"MediaType.Icon" = "dxmasf.dll,-500"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mpg]
"MPlayer2.Set" = "yes"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.m3u]
"MPlayer2.Set" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/x-ms-wmz]
"AlreadyRegistered" = "yes"
[HKCR\.mpa]
"(Default)" = "mpegfile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\MIDI]
"(Default)" = "MIDI file (midi)"
[HKCR\cdafile\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /Open %L"
[HKU\.DEFAULT\Software\Microsoft\MediaPlayer\Setup\CreatedLinks]
"(Default)" = "Windows Media Player"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/mpg]
"CLSID" = "{cd3afa89-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpv2]
"Extension.Handler" = "mpegfile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\MPEG]
"Extensions" = ".mpeg .mpg .mpe .m1v .mp2 .mpv2 .mp2v .mpa"
[HKCR\WVXFile\shell]
"(Default)" = "play"
[HKCR\MIME\Database\Content Type\video/x-mpeg]
"CLSID" = "{cd3afa89-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\application/x-mplayer2]
"Extensions.SpaceSep" = ".asf .asx .wm .wmx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wm]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asx]
"MediaType.Description" = "Windows Media Audio/Video playlist"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mpegurl]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/basic]
"CLSID" = "{cd3afa73-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/aiff]
"NavPrereg" = "No"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/mpeg]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wm]
"Permissions" = "15"
[HKCR\.mp3]
"(Default)" = "mp3file"
[HKCR\MMST]
"Source Filter" = "{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
[HKCR\WAXFile\shell\open\DropTarget]
"CLSID" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-mpeg2a]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-msvideo]
"CLSID" = "{cd3afa88-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m1v]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m1v]
"Extension.Handler" = "mpegfile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mp3]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKCR\AIFFFile\shell\play]
"(Default)" = "&Play"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"audio/x-ms-wma" = "wma"
[HKCR\.mp2v]
"Content Type" = "video/mpeg"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\WMV]
"(Default)" = "Windows Media Video file (wmv)"
[HKCR\MMS\DefaultIcon]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mid]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".rmi" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aifc]
"MediaType.Description" = "AIFF Format Sound"
[HKCR\mp3file\shellex\ContextMenuHandlers\WMPPlayAsPlaylist]
"(Default)" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mp3]
"Extension.Key" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-msvideo]
"Extensions.SpaceSep" = ".avi"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/mpeg]
"Extensions.CommaSep" = "mpeg,mpg,mpe,mpv,m1v,mp2,mpa,mpv2,mp2v"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE0" = "audio/aiff"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wm]
"Extensions.CommaSep" = "asf,asx,wm,wmx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmd]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\CDA]
"Description" = "Includes audio CDs and files with .cda extensions."
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mp3]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\WMV]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-10000"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/wav]
"Extensions.CommaSep" = "wav"
[HKU\.DEFAULT\Software\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"Version" = "9,0,0,4503"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aifc]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asf]
"Extension.MIME" = "video/x-ms-asf"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mpeg]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKCR\.dvr-ms]
"(Default)" = "WMP.DVR-MSFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/vnd.ms-wpl]
"CLSID" = "{cd3afa95-b84f-48f0-9393-7edc34128127}"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"audio/mid" = "mid,midi,rmi"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\WAV]
"Extensions" = ".wav"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asx]
"ReplaceApps" = "mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage]
"LastUpdateTime" = "46 82 43 A2 FE 73 CE 01"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mpegurl]
"Extensions.CommaSep" = "m3u"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWMDMHandler]
"InitCmdLine" = "%ProgramFiles%\Windows Media Player\wmplayer.exe /prefetch:3 /task:PortableDevice"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-ms-wma]
"Extensions.CommaSep" = "wma"
[HKCR\.wma]
"(Default)" = "WMAFile"
[HKCR\SystemFileAssociations\.snd\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.au]
"Runtime" = "7"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m3u]
"SuperiorApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpa]
"SuperiorApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\MediaPlayer\PlayerUpgrade]
"PlayerVersion" = "9,0,0,4503"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp3]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2]
"Runtime" = "7"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asx]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2]
"MediaType.Icon" = "quartz.dll,-103"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\WMA]
"MIME Types" = "audio/x-ms-wma audio/x-ms-wax"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE7" = "audio/mpg"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmz]
"MediaType.Icon" = "%System%\wmploc.dll,-617"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mid]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmv]
"Shell.Open" = "/prefetch:7 /Open %L"
[HKCR\WVXFile]
"(Default)" = "Windows Media Audio/Video playlist"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\AVI]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-9997"
[HKCR\wmafile\shell\play]
"(Default)" = "&Play"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.snd]
"AlreadyRegistered" = "yes"
[HKCR\AUFile]
"EditFlags" = "00 00 01 00"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE4" = "audio/mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpv2]
"MediaType.Icon" = "quartz.dll,-103"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpg]
"Shell.AltVerb.Cmd" = "/prefetch:9 /Play %L"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".avi" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aif]
"PerceivedType" = "audio"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aif]
"MediaType.DescriptionID" = "9903"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE8" = "audio/wav"
[HKCR\AUFile\shell\open]
"(Default)" = "&Open"
[HKCR\Media Type\Extensions\.wax]
"Animation" = "dxmasf.dll,150"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m3u]
"Extension.MIME" = "audio/x-mpegurl"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmx]
"MediaType.DescriptionID" = "9910"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-asf]
"Extensions.SpaceSep" = ".asf .asx .wm .wmx"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"audio/x-midi" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wma]
"Shell.Open" = "/prefetch:5 /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/mpg]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mid]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"video/x-ms-asf-plugin" = "asf,asx,wm,wmx"
[HKCR\m3ufile\shell\open]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\AVI]
"DescriptionFriendlyName" = "@%WinDir%\inf\unregmp2.exe,-10015"
[HKCR\WMP.DVR-MSFile\shell\play]
"(Default)" = "&Play"
[HKCR\WPLFile\shell\open]
"(Default)" = "&Open"
[HKLM\SOFTWARE\Microsoft\NetShow\Player\CodecMapper\ACM]
"98" = "98,117,116"
[HKCR\HTTP\AnimExtensions]
".wm" = "dxmasf.dll,150"
[HKCR\AudioCD\shell\play]
"(Default)" = "&Play"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wm]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m1v]
"Shell.AltVerb.Cmd" = "/prefetch:9 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/avi]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wm]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2v]
"Shell.AltVerb.Cmd" = "/prefetch:9 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/vnd.ms-wpl]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpe]
"Runtime" = "7"
[HKCR\WMDFile\DefaultIcon]
"(Default)" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKCR\.wpl]
"(Default)" = "WPLFile"
[HKCR\mp3file\shell\play\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /prefetch:6 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/wav]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKCR\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\WMPAddToPlaylist]
"(Default)" = "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aiff]
"PerceivedType" = "audio"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Protocols\msbd]
"MIMEType" = "video/x-ms-asf"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Devices\DVD]
"(Default)" = "DVD Video"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpeg]
"MCIHandler" = "MPEGVideo"
[HKCR\WVXFile\shell\open]
"LegacyDisable" = ""
[HKCR\WMVFile]
"(Default)" = "Windows Media Audio/Video file"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.snd]
"Extension.Handler" = "AUFile"
[HKCR\SoundRec\shell\open\DropTarget]
"CLSID" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aif]
"MediaType.Description" = "AIFF Format Sound"
[HKCR\WPLFile\shell\open\DropTarget]
"CLSID" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.cda]
"Permissions" = "1"
[HKCR\MIME\Database\Content Type\audio/basic]
"CLSID" = "{cd3afa73-b84f-48f0-9393-7edc34128127}"
[HKCR\HTTP\AnimExtensions]
".wma" = "dxmasf.dll,150"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".dvr-ms" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wvx]
"MCIHandler" = "MPEGVideo"
[HKCR\HTTP\AnimExtensions]
".wmv" = "dxmasf.dll,150"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aiff]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx|iexplore.exe"
[HKCR\HTTP\AnimExtensions]
".wmx" = "dxmasf.dll,150"
[HKCR\SystemFileAssociations\.m3u\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wma]
"MediaType.DescriptionID" = "9912"
[HKCR\.wmx]
"(Default)" = "ASXFile"
[HKCR\AVIFile\shell]
"(Default)" = "play"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wm]
"Extension.Key" = ".wm"
[HKCR\AIFFFile\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aifc]
"MediaType.DescriptionID" = "9903"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\MP3]
"Description" = "Includes files with .mp3 and .m3u extensions."
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"audio/x-aiff" = "aif,aifc,aiff"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wmv]
"Extension.Key" = ".wmv"
[HKCR\.mpv2]
"Content Type" = "video/mpeg"
[HKCR\.mpg]
"Content Type" = "video/mpeg"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2v]
"Shell.AltVerb.Cmd" = "/prefetch:9 /Play %L"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".avi" = ""
[HKCR\AIFFFile\shell\play\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /Play %L"
[HKLM\SOFTWARE\Microsoft\NetShow\Player\Codecs\Default]
"URL" = "http://www.microsoft.com/windows/windowsmedia/features/compression/default.asp"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpg]
"MediaType.DescriptionID" = "9902"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mpeg]
"AlreadyRegistered" = "yes"
[HKCR\AIFFFile\shellex\ContextMenuHandlers\WMPPlayAsPlaylist]
"(Default)" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mp3]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aifc]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpe]
"PerceivedType" = "video"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.rmi]
"ReplaceApps" = "mplayer2.exe|amovie.ocx|sndrec32.exe|mplay32.exe|mplayer.exe|iexplore.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\application/x-mplayer2]
"Extension.Key" = ".asx"
[HKCR\mpegfile\shell\play]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.dvr-ms]
"MediaType.Icon" = "%Program Files%\Windows Media Player\wmplayer.exe,-120"
[HKCR\WMDFile]
"EditFlags" = "00 00 01 00"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\WAV]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-9995"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpv2]
"Shell.AltVerb.Cmd" = "/prefetch:9 /Play %L"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".asf" = ""
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".asx" = ""
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11d0-A520-00A0D10129C0]
"0" = "0,4,ffdfdfdf,3C53414d"
[HKCR\.cda]
"(Default)" = "CDAFile"
[HKCR\WMVFile\shellex\ContextMenuHandlers\WMPPlayAsPlaylist]
"(Default)" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mpeg]
"Extension.Key" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wms]
"MediaType.Description" = "Windows Media Player Skin File"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.rmi]
"MediaType.DescriptionID" = "9907"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".wvx" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wvx]
"PerceivedType" = "video"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmx]
"MediaType.Description" = "Windows Media Audio/Video playlist"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.snd]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wm]
"Extension.Key" = ".wm"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.cda]
"Extension.Handler" = "CDAFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-asf]
"Extensions.SpaceSep" = ".asf .asx .wm .wmx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aiff]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKCR\HTTP\AnimExtensions]
".asx" = "dxmasf.dll,150"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp3]
"MediaType.Description" = "MP3 Format Sound"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".dvr-ms" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-ms-wax]
"ReplaceApps" = "mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mid]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".m3u" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\AIFF]
"MIME Types" = "audio/x-aiff audio/aiff"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2]
"MediaType.Description" = "Movie Clip"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmd]
"Shell.AltVerb.Cmd" = ""
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".mp3" = ""
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".au" = ""
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".wav" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWMDMHandler]
"ProgID" = "Shell.HWEventHandlerShellExecute"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wax]
"Extension.MIME" = "audio/x-ms-wax"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"audio/x-mpeg" = "mp3"
[HKCR\SoundRec\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2]
"Extension.Handler" = "mpegfile"
[HKCR\MIME\Database\Content Type\audio/mid]
"Extension" = ".mid"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.midi]
"Extension.MIME" = "audio/mid"
[HKCR\mp3file\shell]
"(Default)" = "play"
[HKCR\DVD\shell\play]
"MUIVerb" = "@%SystemRoot%\inf\unregmp2.exe,-9991"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.avi]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/wav]
"Extension.Key" = ".wav"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aif]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2v]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m1v]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/msvideo]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".wax" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpeg]
"MediaType.Description" = "Movie Clip"
[HKLM\SOFTWARE\Microsoft\MediaPlayer\Player\Extensions\MUIDescriptions]
"9" = "@%WinDir%\inf\unregmp2.exe,-9927"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpe]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx|mplay32.exe|mplayer.exe|iexplore.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\AU]
"Extensions" = ".au .snd"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-msvideo]
"Extensions.SpaceSep" = ".avi"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".mid" = ""
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\User Trusted External Applications\""%Program Files%\Windows Media Player]
"wmplayer.exe""" = "Yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\WMV]
"Description" = "Includes files with .wmv and .wvx extensions."
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mp3]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.gif]
"PerceivedType" = "image"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\CDA]
"Devices" = "AudioCD"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\DVD]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-9999"
[HKCR\SystemFileAssociations\audio\shellex\ContextMenuHandlers\WMPPlayAsPlaylist]
"CheckSupportedTypes" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpg]
"Extension.Handler" = "mpegfile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\MIDI]
"DescriptionFriendlyName" = "@%WinDir%\inf\unregmp2.exe,-10011"
[HKCR\.wav]
"(Default)" = "soundrec"
[HKCR\AUFile\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\MIDI]
"(Default)" = "MIDI file (midi)"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp3]
"MediaType.DescriptionID" = "9925"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wax]
"Permissions" = "15"
[HKCR\WMP.WMDBFile\DefaultIcon]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpv2]
"Extension.MIME" = "video/mpeg"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmx]
"MediaType.DescriptionID" = "9910"
[HKCR\MMSU\DefaultIcon]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe,-120"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"video/avi" = "avi"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/basic]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\WMV]
"MIME Types" = "video/x-ms-wmv video/x-ms-wvx"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.aif]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/x-ms-wmz]
"CLSID" = "{cd3afa71-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/vnd.ms-wpl]
"Extension.Key" = ".wpl"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/vnd.ms-wpl]
"ReplaceApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.avi]
"Extension.Handler" = "avifile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\MP3]
"Extensions" = ".mp3 .m3u"
[HKCR\WAXFile\shell\play]
"MUIVerb" = "@%SystemRoot%\inf\unregmp2.exe,-9991"
[HKCR\WPLFile\shell\open]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpg]
"PerceivedType" = "video"
[HKCR\.mp2]
"(Default)" = "mpegfile"
[HKCR\wmafile\shell\play]
"MUIVerb" = "@%SystemRoot%\inf\unregmp2.exe,-9991"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mp2v]
"MPlayer2.Set" = "yes"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".aif" = ""
[HKCR\WVXFile\DefaultIcon]
"(Default)" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mid]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wmx]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKCR\WPLFile\shellex\ContextMenuHandlers\WMPPlayAsPlaylist]
"(Default)" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKCR\mp3file\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmv]
"Shell.AltVerb.Cmd" = "/prefetch:7 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-wav]
"Extension.Key" = ".wav"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\AIFF]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-10004"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wmv]
"Extensions.SpaceSep" = ".wmv"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp3]
"Shell.Open" = "/prefetch:6 /Open %L"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"video/x-mpeg2a" = "mpeg,mpg,mpe,mpv,m1v,mp2,mpa,mpv2,mp2v"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mpeg]
"CLSID" = "{cd3afa76-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Devices\AudioCD]
"(Default)" = "AudioCD"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mpegurl]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"video/msvideo" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wmv]
"ReplaceApps" = "mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-aiff]
"Extension.Key" = ".aiff"
[HKCR\AIFFFile\shell\play]
"MUIVerb" = "@%SystemRoot%\inf\unregmp2.exe,-9991"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/x-mplayer2]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\NetShow\Player\CodecMapper\ACM]
"66" = "273,66"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\WAV]
"DescriptionFriendlyName" = "@%WinDir%\inf\unregmp2.exe,-10013"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-aiff]
"Extensions.CommaSep" = "aif,aifc,aiff"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\ASF]
"Extensions" = ".asf .asx .dvr-ms .wpl .wm .wmx .wmd .wmz"
[HKCR\mpegfile\shell\play]
"(Default)" = "&Play"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/midi]
"Extension.Key" = ".mid"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmv]
"Extension.MIME" = "video/x-ms-wmv"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-ms-wma]
"Extension.Key" = ".wma"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wav]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"IsInstalled" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmv]
"ReplaceApps" = "mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aifc]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx|iexplore.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-asf]
"Extensions.CommaSep" = "asf,asx,wm,wmx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wax]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-ms-wax]
"Extensions.SpaceSep" = ".wax"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aiff]
"MediaType.DescriptionID" = "9903"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmv]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/mpg]
"Extensions.CommaSep" = "mpeg,mpg,mpe,mpv,m1v,mp2,mpa,mpv2,mp2v"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/midi]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".m1v" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\midi/mid]
"Extensions.CommaSep" = "mid,midi,rmi"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp3]
"Runtime" = "6"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpg]
"Shell.Open" = "/prefetch:9 /Open %L"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.m1v]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".mpa" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\MP3]
"Description" = "Includes files with .mp3 and .m3u extensions."
[HKCR\WMVFile\shell\open]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/msvideo]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKCR\WMZFile\shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-ms-wax]
"Extensions.SpaceSep" = ".wax"
[HKCR\ASFFile]
"(Default)" = "Windows Media Audio/Video file"
[HKCR\SoundRec\shell\play]
"MUIVerb" = "@%SystemRoot%\inf\unregmp2.exe,-9991"
[HKCR\.wmd]
"Content Type" = "application/x-ms-wmd"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-aiff]
"NavPrereg" = "No"
[HKCR\MIME\Database\Content Type\audio/mpegurl]
"CLSID" = "{cd3afa78-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\AVI]
"MIME Types" = "video/avi video/msvideo video/x-msvideo"
[HKCR\AUFile\shell\play]
"(Default)" = "&Play"
[HKCR\.asf]
"Content Type" = "video/x-ms-asf"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aifc]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aiff]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmx]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.snd]
"Runtime" = "7"
[HKCR\MIME\Database\Content Type\video/x-ms-wvx]
"CLSID" = "{cd3afa95-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/mpeg]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKCR\ASFFile\shell\play\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /prefetch:7 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\MIDI]
"Extensions" = ".mid .midi .rmi"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.rmi]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKCR\AUFile\shell\play]
"MUIVerb" = "@%SystemRoot%\inf\unregmp2.exe,-9991"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2v]
"MCIHandler" = "MPEGVideo"
[HKCR\ASFFile\shell\play]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/mpeg]
"Extension.Key" = ".mpeg"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/msvideo]
"CLSID" = "{cd3afa88-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Protocols\mmsu]
"MIMEType" = "video/x-ms-asf"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-wav]
"Extension.Key" = ".wav"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpeg]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival]
"MSRipCDAudioOnArrival" = ""
[HKCR\ASXFile\shellex\ContextMenuHandlers\WMPAddToPlaylist]
"(Default)" = "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mid]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mid]
"MediaType.Description" = "MIDI Sequence"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-ms-wma]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wpl]
"MediaType.Icon" = "%System%\wmploc.dll,-616"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/wav]
"Extensions.SpaceSep" = ".wav"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-asf]
"AlreadyRegistered" = "yes"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\User Trusted External Applications\""C:\PROGRA~1\WINDOW~2]
"wmplayer.exe""" = "Yes"
[HKCR\MIME\Database\Content Type\video/avi]
"Extension" = ".avi"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wvx]
"Extension.Key" = ".wvx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m3u]
"Shell.AltVerb.Cmd" = "/prefetch:6 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wpl]
"MediaType.DescriptionID" = "9923"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"audio/x-mpegurl" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".wax" = ""
[HKCR\mp3file\shell\play]
"(Default)" = "&Play"
[HKCR\m3ufile\shell\play\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /prefetch:6 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmv]
"Shell.Open" = "/prefetch:7 /Open %L"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".wav" = ""
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"video/x-msvideo" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.au]
"MediaType.DescriptionID" = "9904"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\WAV]
"(Default)" = "Windows audio file (wav)"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wm]
"CLSID" = "{cd3afa92-b84f-48f0-9393-7edc34128127}"
[HKCR\wmafile]
"PreferExecuteOnMismatch" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-ms-wax]
"Extension.Key" = ".wax"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-msvideo]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-ms-wma]
"Extension.Key" = ".wma"
[HKCR\WMVFile\shell]
"(Default)" = "play"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-asf]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKCR\WVXFile\shellex\ContextMenuHandlers\WMPAddToPlaylist]
"(Default)" = "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"
[HKCR\WAXFile\shell\open]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2v]
"MediaType.Description" = "Movie Clip"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmx]
"Extension.Handler" = "ASXFile"
[HKCR\AUFile\shell]
"(Default)" = "play"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-mpeg2a]
"CLSID" = "{cd3afa89-b84f-48f0-9393-7edc34128127}"
[HKCR\MIDFile]
"PreferExecuteOnMismatch" = "1"
[HKCR\MIME\Database\Content Type\video/mpeg]
"Extension" = ".mpeg"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpe]
"Extension.MIME" = "video/mpeg"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWMPBurnCDOnArrival]
"DefaultIcon" = "%ProgramFiles%\Windows Media Player\wmplayer.exe,0"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mid]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx|sndrec32.exe|mplay32.exe|mplayer.exe|iexplore.exe"
[HKU\.DEFAULT\Software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
"Version" = "9,0,0,4503"
[HKCR\.aiff]
"(Default)" = "AIFFFile"
[HKLM\SOFTWARE\Microsoft\MediaPlayer\Setup\Installed Versions]
"wmploc.dll" = "00 00 09 00 97 11 00 00"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"video/x-ms-asf" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aiff]
"Runtime" = "7"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.aif]
"MPlayer2.Set" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\midi/mid]
"Extension.Key" = ".mid"
[HKCR\MIDFile\shell\play]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-midi]
"Extensions.CommaSep" = "mid,midi,rmi"
[HKCR\MIME\Database\Content Type\audio/aiff]
"Extension" = ".aiff"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wvx]
"MediaType.DescriptionID" = "9913"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\ASF]
"MIME Types" = "application/x-mplayer2 video/x-ms-asf video/x-ms-asf-plugin video/x-ms-wm video/x-ms-wmx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wax]
"PerceivedType" = "audio"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-aiff]
"Extensions.CommaSep" = "aif,aifc,aiff"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\midi/mid]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKCR\MIME\Database\Content Type\video/x-ms-asf]
"CLSID" = "{cd3afa8f-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/midi]
"Extensions.CommaSep" = "mid,midi,rmi"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/x-ms-wmd]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpe]
"Shell.AltVerb.Cmd" = "/prefetch:9 /Play %L"
[HKCR\ASFFile\shellex\ContextMenuHandlers\WMPPlayAsPlaylist]
"(Default)" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/aiff]
"NavPrereg" = "No"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m1v]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\MP3]
"MIME Types" = "audio/mpeg audio/mpg audio/mp3 audio/x-mpeg audio/x-mpg audio/x-mp3 audio/mpegurl audio/x-mpegurl"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSRipCDAudioOnArrival]
"DefaultIcon" = "%ProgramFiles%\Windows Media Player\wmplayer.exe,0"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mpegurl]
"Extensions.CommaSep" = "m3u"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wmx]
"CLSID" = "{cd3afa93-b84f-48f0-9393-7edc34128127}"
[HKCR\WMVFile\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wpl]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKCR\ASXFile\shell\open]
"(Default)" = "&Open"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wmv]
"Extension.Key" = ".wmv"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\AU]
"MIME Types" = "audio/basic"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayCDAudioOnArrival]
"Action" = "@wmploc.dll,-6503"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asx]
"PerceivedType" = "video"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aiff]
"MediaType.Icon" = "quartz.dll,-202"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wax]
"Permissions" = "15"
[HKCR\AVIFile\shell\play]
"MUIVerb" = "@%SystemRoot%\inf\unregmp2.exe,-9991"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/mpg]
"Extensions.SpaceSep" = ".mpeg .mpg .mpe .mpv .m1v .mp2 .mpa .mpv2 .mp2v"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.au]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-msvideo]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.rmi]
"MPlayer2.Set" = "yes"
[HKCR\WVXFile\shell\open\DropTarget]
"CLSID" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mid]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aiff]
"Extension.Handler" = "AIFFFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mpeg]
"Extensions.SpaceSep" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\AIFF]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-10004"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-mpeg2a]
"Extensions.CommaSep" = "mpeg,mpg,mpe,mpv,m1v,mp2,mpa,mpv2,mp2v"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpg]
"Extension.MIME" = "video/mpeg"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asf]
"MediaType.Description" = "Windows Media Audio/Video file"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Devices\AudioCD]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.au]
"MPlayer2.Set" = "yes"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayCDAudioOnArrival]
"DefaultIcon" = "%ProgramFiles%\Windows Media Player\wmplayer.exe,0"
[HKCR\mp3file\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L"
[HKU\.DEFAULT\Software\Microsoft\MediaPlayer\Setup\CreatedLinks]
"AppName" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mp3]
"Extensions.SpaceSep" = ".mp3"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE13" = "audio/x-mpeg"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/mpeg]
"Extensions.SpaceSep" = ".mpeg .mpg .mpe .mpv .m1v .mp2 .mpa .mpv2 .mp2v"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpe]
"ReplaceApps" = "mplayer2.exe|amovie.ocx|mplay32.exe|mplayer.exe|iexplore.exe"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCR\MSBD\DefaultIcon]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\midi/mid]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aiff]
"Extension.MIME" = "audio/aiff"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".mp2" = ""
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".mp3" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-asf-plugin]
"Extensions.CommaSep" = "asf,asx,wm,wmx"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE15" = "audio/x-mpg"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wax]
"MPlayer2.Set" = "yes"
[HKCR\mp3file\shellex\ContextMenuHandlers\WMPAddToPlaylist]
"(Default)" = "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2v]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx|mplay32.exe|mplayer.exe|iexplore.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpv2]
"Extension.MIME" = "video/mpeg"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\application/x-mplayer2]
"ReplaceApps" = "mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mpeg]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wm]
"MediaType.Icon" = "dxmasf.dll,-500"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wvx]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpg]
"MediaType.Icon" = "quartz.dll,-103"
[HKCR\MIME\Database\Content Type\video/x-mpeg]
"Extension" = ".mpeg"
[HKCR\WMSFile\shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/aiff]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.au]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/mpg]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m3u]
"Extension.MIME" = "audio/x-mpegurl"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-ms-wax]
"Extensions.CommaSep" = "wax"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\AIFF]
"MIME Types" = "audio/x-aiff audio/aiff"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".cda" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mpeg]
"Extensions.SpaceSep" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.bmp]
"Runtime" = "11"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aif]
"Permissions" = "15"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".mpa" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wax]
"MediaType.Description" = "Windows Media Audio shortcut"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".mpg" = ""
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".mpe" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\MIDI]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-9993"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\MIDI]
"MIME Types" = "audio/mid audio/midi audio/x-mid audio/x-midi midi/mid"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpg]
"Shell.AltVerb.Cmd" = "/prefetch:9 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Devices\DVD]
"ReplaceApps" = "wmplayer.exe|dvdplay.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\AVI]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-9997"
[HKCR\ASFFile]
"PreferExecuteOnMismatch" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wav]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmz]
"Extension.Handler" = "WMZFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.gif]
"Permissions" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wm]
"Shell.Open" = "/prefetch:7 /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpe]
"MediaType.DescriptionID" = "9902"
[HKCR\MIME\Database\Content Type\application/x-mplayer2]
"CLSID" = "{cd3afa8f-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.avi]
"MediaType.Description" = "Video Clip"
[HKCR\WMVFile\shell\open]
"(Default)" = "&Open"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.png]
"ReplaceApps" = "*.*"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"audio/mpegurl" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.dvr-ms]
"Extension.Handler" = "WMP.DVR-MSFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmv]
"Extension.Handler" = "WMVFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asx]
"Extension.Handler" = "ASXFile"
[HKCR\Media Type\Extensions\.wvx]
"Animation" = "dxmasf.dll,150"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mpg]
"AlreadyRegistered" = "yes"
[HKCR\wmafile\shell\open]
"(Default)" = "&Open"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpg]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wmv]
"Extensions.SpaceSep" = ".wmv"
[HKCR\MSBD]
"Source Filter" = "{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
[HKCR\WMSFile]
"(Default)" = "Windows Media Player Skin File"
[HKCR\MIME\Database\Content Type\audio/wav]
"Extension" = ".wav"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wav]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.avi]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\MediaPlayer\Setup\Installed Versions]
"wmplayer.exe" = "00 00 09 00 97 11 00 00"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\midi/mid]
"Extensions.SpaceSep" = ".mid .midi .rmi"
[HKCR\MIME\Database\Content Type\video/avi]
"CLSID" = "{cd3afa88-b84f-48f0-9393-7edc34128127}"
[HKCR\WMSFile\shell\open]
"(Default)" = "&Open"
[HKCR\.mpv2]
"(Default)" = "mpegfile"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"audio/aiff" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmz]
"MediaType.Description" = "Windows Media Player Skin Package"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.asf]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpv2]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpv2]
"Runtime" = "7"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.snd]
"PerceivedType" = "audio"
[HKLM\SOFTWARE\Microsoft\MediaPlayer]
"MP2.SaveDir" = "%Program Files%\Windows Media Player"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpa]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mpegurl]
"Extension.Key" = ".m3u"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wm]
"MediaType.Description" = "Windows Media Audio/Video file"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/midi]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpa]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx|mplay32.exe|mplayer.exe|iexplore.exe"
[HKCR\MIME\Database\Content Type\midi/mid]
"Extension" = ".mid"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wav]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wvx]
"Extension.Handler" = "WVXFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2]
"Extension.MIME" = "video/mpeg"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".aiff" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mid]
"Extensions.CommaSep" = "mid,midi,rmi"
[HKCR\WPLFile]
"(Default)" = "Windows Media playlist"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2v]
"Shell.Open" = "/prefetch:9 /Open %L"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wav]
"MPlayer2.Set" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.rmi]
"PerceivedType" = "audio"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpeg]
"Shell.Open" = "/prefetch:9 /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wm]
"Extensions.SpaceSep" = ".asf .asx .wm .wmx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-mpeg2a]
"Extensions.CommaSep" = "mpeg,mpg,mpe,mpv,m1v,mp2,mpa,mpv2,mp2v"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aiff]
"PerceivedType" = "audio"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".mp2" = ""
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".mp3" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCR\WVXFile\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.avi]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\MP3]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-10002"
[HKCR\AIFFFile\shell\open\DropTarget]
"CLSID" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m1v]
"MediaType.Icon" = "quartz.dll,-103"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mpegurl]
"Extensions.SpaceSep" = ".m3u"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mpeg]
"MPlayer2.Set" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mpg]
"Extension.Key" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mpegurl]
"Extension.Key" = ".m3u"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wma]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asf]
"SuperiorApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mid]
"Extension.Key" = ".mid"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".mpv2" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-midi]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKCR\.wmv]
"(Default)" = "WMVFile"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".mpe" = ""
[HKCR\.wmx]
"Content Type" = "video/x-ms-wmx"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".mpg" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpeg]
"Shell.AltVerb.Cmd" = "/prefetch:9 /Play %L"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wmv]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.gif]
"ReplaceApps" = "*.*"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.midi]
"SuperiorApps" = "wmplayer.exe"
[HKCR\MIDFile\shellex\ContextMenuHandlers\WMPPlayAsPlaylist]
"(Default)" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wms]
"AlreadyRegistered" = "yes"
[HKCR\mpegfile\shell\open]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-ms-wma]
"CLSID" = "{cd3afa84-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.midi]
"MediaType.DescriptionID" = "9907"
[HKCR\MMST]
"Animation" = "dxmasf.dll,150"
[HKCR\WVXFile]
"PreferExecuteOnMismatch" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpg]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-wav]
"Extensions.SpaceSep" = ".wav"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".mpeg" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\DVD]
"DescriptionFriendlyName" = "@%WinDir%\inf\unregmp2.exe,-10017"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jpe]
"Runtime" = "11"
[HKCR\WMP.DVR-MSFile\shellex\ContextMenuHandlers\WMPAddToPlaylist]
"(Default)" = "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpa]
"Extension.Handler" = "mpegfile"
[HKCR\MIDFile\shell\play]
"MUIVerb" = "@%SystemRoot%\inf\unregmp2.exe,-9991"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".aif" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wma]
"Shell.Open" = "/prefetch:5 /Open %L"
[HKCR\WPLFile\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKCR\MIME\Database\Content Type\video/x-msvideo]
"CLSID" = "{cd3afa88-b84f-48f0-9393-7edc34128127}"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"audio/mp3" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpe]
"MCIHandler" = "MPEGVideo"
[HKCR\cdafile]
"PreferExecuteOnMismatch" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmx]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wpl]
"MCIHandler" = "MPEGVideo"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".midi" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.avi]
"MediaType.DescriptionID" = "9905"
[HKCR\HTTP\AnimExtensions]
".wvx" = "dxmasf.dll,150"
[HKCR\ASFFile\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /prefetch:7 /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpa]
"Extension.MIME" = "video/mpeg"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpe]
"AlreadyRegistered" = "yes"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"audio/mpg" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asx]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wvx]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\NetShow\Player\CodecMapper\ACM]
"273" = "273,66"
[HKCR\.rmi]
"(Default)" = "midfile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wm]
"Shell.Open" = "/prefetch:7 /Open %L"
[HKCR\WPLFile\DefaultIcon]
"(Default)" = "%System%\wmploc.dll,-616"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.swf]
"ReplaceApps" = "*.*"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Protocols\mmst]
"Source Filter" = "{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayMusicFilesOnArrival]
"MSPlayMediaOnArrival" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.avi]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx|sndrec32.exe|mplay32.exe|mplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpv2]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx|mplay32.exe|mplayer.exe|iexplore.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/mpeg]
"CLSID" = "{cd3afa89-b84f-48f0-9393-7edc34128127}"
[HKCR\WMVFile\shellex\ContextMenuHandlers\WMPAddToPlaylist]
"(Default)" = "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.au]
"PerceivedType" = "audio"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/mpeg]
"Extensions.CommaSep" = "mpeg,mpg,mpe,mpv,m1v,mp2,mpa,mpv2,mp2v"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"audio/x-mpegurl" = "m3u"
[HKCR\MSBD]
"Animation" = "dxmasf.dll,150"
[HKCR\MIME\Database\Content Type\audio/x-mpeg]
"CLSID" = "{cd3afa76-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-mpeg]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wvx]
"MPlayer2.Set" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m1v]
"MCIHandler" = "MPEGVideo"
[HKCR\MIME\Database\Content Type\video/mpeg]
"CLSID" = "{cd3afa89-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m3u]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2]
"PerceivedType" = "video"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmv]
"MediaType.DescriptionID" = "9914"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWMDMHandler]
"Provider" = "@wmploc.dll,-6502"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wma]
"PerceivedType" = "audio"
[HKCR\SystemFileAssociations\.mp3\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2v]
"Extension.Handler" = "mpegfile"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".avi" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\WMV]
"DescriptionFriendlyName" = "@%WinDir%\inf\unregmp2.exe,-10018"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmx]
"Extension.Handler" = "ASXFile"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mpe]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpa]
"Runtime" = "7"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.midi]
"MPlayer2.Set" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/basic]
"Extensions.CommaSep" = "au,snd"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\AU]
"Extensions" = ".au .snd"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m1v]
"MediaType.DescriptionID" = "9902"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mpg]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mpg]
"Extension.Key" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\DVD]
"(Default)" = "DVD Video"
[HKCR\MSBD\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.au]
"Extension.Handler" = "AUFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Protocols\mmst]
"MIMEType" = "video/x-ms-asf"
[HKCR\.aifc]
"Content Type" = "audio/aiff"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpeg]
"MediaType.Description" = "Movie Clip"
[HKCR\SoundRec]
"EditFlags" = "00 00 01 00"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.avi]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.midi]
"ReplaceApps" = "mplayer2.exe|amovie.ocx|sndrec32.exe|mplay32.exe|mplayer.exe|iexplore.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aifc]
"Extension.Handler" = "AIFFFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmv]
"Runtime" = "6"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".wpl" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-asf-plugin]
"Extensions.CommaSep" = "asf,asx,wm,wmx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mpegurl]
"Extensions.SpaceSep" = ".m3u"
[HKCR\SystemFileAssociations\.wpl\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKCR\Media Type\Extensions\.m3u]
"Media Type" = "{e436eb83-524f-11ce-9f53-0020af0ba770}"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".cda" = ""
[HKCR\mpegfile\shell\open\DropTarget]
"CLSID" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Protocols\mmsu]
"Source Filter" = "{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.aiff]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Protocols\mmst]
"Source Filter" = "{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
[HKCR\MIME\Database\Content Type\audio/x-mid]
"Extension" = ".mid"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".mpa" = ""
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".mpg" = ""
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".mpe" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpv2]
"Shell.AltVerb.Cmd" = "/prefetch:9 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asf]
"Extension.Handler" = "ASFFile"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\WAV]
"MIME Types" = "audio/wav audio/x-wav"
[HKCR\MIDFile]
"(Default)" = "MIDI Sequence"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asx]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jpg]
"ReplaceApps" = "*.*"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wav]
"MediaType.Description" = "Wave Sound"
[HKCR\WMVFile]
"PreferExecuteOnMismatch" = "1"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".mp2" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mpg]
"Extensions.SpaceSep" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m1v]
"ReplaceApps" = "mplayer2.exe|amovie.ocx|mplay32.exe|mplayer.exe|iexplore.exe"
[HKLM\SOFTWARE\Microsoft\MediaPlayer\Setup]
"LibraryMigrated" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wpl]
"Extension.MIME" = "application/vnd.ms-wpl"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mpg]
"Extension.Key" = ".mp3"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"audio/basic" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wvx]
"PerceivedType" = "video"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mp3]
"Extensions.CommaSep" = "mp3"
[HKCR\WMP.DVR-MSFile\shell\play]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Protocols\mmst]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/x-ms-wmd]
"Extensions.CommaSep" = "wmd"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wvx]
"MediaType.DescriptionID" = "9913"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m3u]
"Extension.Handler" = "m3ufile"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mp2]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"audio/x-mp3" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".mpeg" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\AIFF]
"(Default)" = "AIFF audio file (aiff)"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmd]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpg]
"ReplaceApps" = "mplayer2.exe|amovie.ocx|mplay32.exe|mplayer.exe|iexplore.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\unknown]
"ReplaceApps" = "wmplayer.exe"
[HKCR\m3ufile\shell]
"(Default)" = "play"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.avi]
"MediaType.Description" = "Video Clip"
[HKCR\WVXFile\shell\play\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/msvideo]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKCR\MIME\Database\Content Type\audio/mpg]
"CLSID" = "{cd3afa76-b84f-48f0-9393-7edc34128127}"
[HKCR\mpegfile\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /prefetch:9 /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/vnd.ms-wpl]
"Extensions.CommaSep" = "wpl"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-mpeg2a]
"Extensions.SpaceSep" = ".mpeg .mpg .mpe .mpv .m1v .mp2 .mpa .mpv2 .mp2v"
[HKCR\cdafile\shell\open]
"(Default)" = "&Open"
[HKCR\MMS]
"Source Filter" = "{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmx]
"SuperiorApps" = "wmplayer.exe"
[HKCR\.wax]
"Content Type" = "audio/x-ms-wax"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wvx]
"ReplaceApps" = "mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/wav]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
"(Default)" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-mpeg2a]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m3u]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"audio/x-mpg" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".mpeg" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asf]
"PerceivedType" = "video"
[HKCR\WMVFile\shell\play]
"MUIVerb" = "@%SystemRoot%\inf\unregmp2.exe,-9991"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.midi]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx|sndrec32.exe|mplay32.exe|mplayer.exe|iexplore.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.midi]
"MCIHandler" = "Sequencer"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".midi" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wav]
"SuperiorApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
"Version" = "9,0,0,4503"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mpegurl]
"Extensions.SpaceSep" = ".m3u"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wav]
"PerceivedType" = "audio"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"video/x-ms-wm" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKCR\mp3file\DefaultIcon]
"(Default)" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKCR\MIME\Database\Content Type\audio/mpg]
"Extension" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wax]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\MPEG]
"Description" = "Includes files with .mpeg, .mpg, .mpe, .mv1, .mp2, .mpv2, .mp2v, and .mpa extensions."
[HKCR\WMP.AudioCD\Shell\Play\Command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /prefetch:3 /device:AudioCD %L"
[HKCR\MIME\Database\Content Type\video/x-ms-wvx]
"Extension" = ".wvx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\midi/mid]
"AlreadyRegistered" = "yes"
[HKCR\MIME\Database\Content Type\audio/mpegurl]
"Extension" = ".m3u"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wm]
"Extension.Handler" = "ASFFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wmx]
"Extension.Key" = ".wmx"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.snd]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayCDAudioOnArrival]
"Provider" = "@wmploc.dll,-6502"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSRipCDAudioOnArrival]
"Provider" = "@wmploc.dll,-6502"
[HKCR\wmafile\shellex\ContextMenuHandlers\WMPAddToPlaylist]
"(Default)" = "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"
[HKCR\Media Type\Extensions\.wma]
"Animation" = "dxmasf.dll,150"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/avi]
"Extensions.CommaSep" = "avi"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-mpeg]
"Extensions.SpaceSep" = ".mpeg .mpg .mpe .mpv .m1v .mp2 .mpa .mpv2 .mp2v"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Protocols\mmsu]
"Source Filter" = "{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/avi]
"Extensions.CommaSep" = "avi"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mpa]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWMDMHandler]
"DefaultIcon" = "%ProgramFiles%\Windows Media Player\wmplayer.exe,0"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asf]
"MCIHandler" = "MPEGVideo"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"video/x-mpeg" = "mpeg,mpg,mpe,mpv,m1v,mp2,mpa,mpv2,mp2v"
[HKCR\SystemFileAssociations\audio\shellex\ContextMenuHandlers\WMPPlayAsPlaylist]
"(Default)" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".wpl" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/aiff]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx|iexplore.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m1v]
"MediaType.DescriptionID" = "9902"
[HKCR\Media Type\Extensions\.wm]
"Animation" = "dxmasf.dll,150"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.swf]
"Permissions" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wax]
"ReplaceApps" = "mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\AU]
"Description" = "Includes files with .au, and .snd extensions."
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmx]
"MediaType.Description" = "Windows Media Audio/Video playlist"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wm]
"Runtime" = "6"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/msvideo]
"Extensions.CommaSep" = "avi"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.cda]
"Runtime" = "9"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"audio/wav" = "wav"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".rmi" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/msvideo]
"Extensions.SpaceSep" = ".avi"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asx]
"MediaType.Icon" = "dxmasf.dll,-501"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asx]
"Runtime" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\WAV]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-9995"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\AU]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-9992"
[HKCR\ASFFile\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.snd]
"MediaType.DescriptionID" = "9904"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\AU]
"DescriptionFriendlyName" = "@%WinDir%\inf\unregmp2.exe,-10010"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpa]
"MediaType.DescriptionID" = "9902"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m1v]
"PerceivedType" = "video"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.dvr-ms]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wm]
"Extension.MIME" = "video/x-ms-wm"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wvx]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wvx]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\User Trusted External Applications\%Program Files%\Windows Media Player]
"wmplayer.exe" = "Yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpa]
"Extension.MIME" = "video/mpeg"
[HKCR\DVD\shell\play\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /prefetch:4 /device:DVD %L"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"video/mpg" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmv]
"Extension.Handler" = "WMVFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\WMV]
"MIME Types" = "video/x-ms-wmv video/x-ms-wvx"
[HKCR\WAXFile\shell\open]
"(Default)" = "&Open"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2v]
"Permissions" = "15"
[HKCR\MIME\Database\Content Type\application/x-ms-wmd]
"CLSID" = "{ee4da6a4-8c52-4a63-bbb8-97c93d7e1b6c}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m3u]
"Permissions" = "15"
[HKCR\WVXFile]
"EditFlags" = "00 00 01 00"
[HKCR\AVIFile\shell\open\DropTarget]
"CLSID" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpg]
"PerceivedType" = "video"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWMPBurnCDOnArrival]
"Provider" = "@wmploc.dll,-6502"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mpe]
"MPlayer2.Set" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-asf-plugin]
"AlreadyRegistered" = "yes"
[HKCR\wmafile\shell\play]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2v]
"Extension.MIME" = "video/mpeg"
[HKCR\.asx]
"(Default)" = "ASXFile"
[HKCR\MIDFile\shell\open]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mid]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKCR\.mpg]
"(Default)" = "mpegfile"
[HKCR\ASFFile\shell\play]
"(Default)" = "&Play"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/aiff]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\MPEG]
"Extensions" = ".mpeg .mpg .mpe .m1v .mp2 .mpv2 .mp2v .mpa"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.m1v]
"MPlayer2.Set" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Protocols\mmsu]
"MIMEType" = "video/x-ms-asf"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp3]
"Extension.Handler" = "mp3file"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp3]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aiff]
"Extension.Handler" = "AIFFFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpv2]
"PerceivedType" = "video"
[HKCR\.mp2v]
"(Default)" = "mpegfile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asf]
"MediaType.Description" = "Windows Media Audio/Video file"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mid]
"MediaType.Icon" = "quartz.dll,-300"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.rmi]
"MediaType.Description" = "MIDI Sequence"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.au]
"PerceivedType" = "audio"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mp3]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jpeg]
"Runtime" = "11"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpe]
"MCIHandler" = "MPEGVideo"
[HKCR\m3ufile\shellex\ContextMenuHandlers\WMPPlayAsPlaylist]
"(Default)" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpv2]
"Extension.Handler" = "mpegfile"
[HKCR\MIDFile\shell\open\DropTarget]
"CLSID" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asf]
"Shell.Open" = "/prefetch:7 /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpe]
"Extension.MIME" = "video/mpeg"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wpl]
"Runtime" = "3"
[HKCR\cdafile\shell\play\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Protocols\mmst]
"Icon" = "%Program Files%\Windows Media Player\wmplayer.exe,-120"
[HKCR\SystemFileAssociations\.mp2\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-msvideo]
"Extension.Key" = ".avi"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aifc]
"MediaType.Icon" = "quartz.dll,-202"
[HKCR\Media Type\Extensions\.m3u]
"SubType" = "{a98c8400-4181-11d1-a520-00a0d10129c0}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wav]
"ReplaceApps" = "mplayer2.exe|amovie.ocx|sndrec32.exe|mplay32.exe|mplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wpl]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpe]
"Extension.Handler" = "mpegfile"
[HKCR\AudioCD\shell\play\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /prefetch:3 /device:AudioCD %L"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".mid" = ""
[HKCR\mp3file\shell\play]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mp3]
"Extension.Key" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/msvideo]
"Extension.Key" = ".avi"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aifc]
"Extension.MIME" = "audio/aiff"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asf]
"PerceivedType" = "video"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aifc]
"MediaType.DescriptionID" = "9903"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpe]
"PerceivedType" = "video"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/x-ms-wmz]
"ReplaceApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpv2]
"MediaType.Description" = "Movie Clip"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".mp2v" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wvx]
"MediaType.Description" = "Windows Media Audio/Video playlist"
[HKCR\cdafile]
"EditFlags" = "00 00 01 00"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmv]
"MediaType.Description" = "Windows Media Audio/Video file"
[HKCR\WMVFile\shell\play]
"(Default)" = "&Play"
[HKLM\SOFTWARE\Microsoft\MediaPlayer\Player\Extensions\Descriptions]
"9" = "Microsoft Recorded TV Show (*.dvr-ms)"
[HKCR\MIME\Database\Content Type\audio/mp3]
"CLSID" = "{cd3afa76-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpeg]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKCR\WAXFile\shell]
"(Default)" = "play"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asf]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\ASF]
"DescriptionFriendlyName" = "@%WinDir%\inf\unregmp2.exe,-10023"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"audio/mpeg" = "mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmv]
"MediaType.DescriptionID" = "9914"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wvx]
"Extensions.CommaSep" = "wvx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/aiff]
"ReplaceApps" = "mplayer2.exe|amovie.ocx|iexplore.exe"
[HKCR\MIME\Database\Content Type\audio/x-ms-wma]
"Extension" = ".wma"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mid]
"MediaType.DescriptionID" = "9907"
[HKCR\ASFFile\DefaultIcon]
"(Default)" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.au]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx|sndrec32.exe|mplay32.exe|mplayer.exe|iexplore.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wma]
"MediaType.Description" = "Windows Media Audio file"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wma]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKCR\SoundRec\shell\open]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\AU]
"(Default)" = "AU audio file (au)"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jpe]
"ReplaceApps" = "*.*"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"audio/x-mp3" = "mp3"
[HKCR\AUFile\DefaultIcon]
"(Default)" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKCR\ASFFile\shell\open\DropTarget]
"CLSID" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\ASF]
"(Default)" = "Windows Media file (asf)"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mid]
"Extension.MIME" = "audio/mid"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mp3]
"Extensions.SpaceSep" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mpg]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.midi]
"PerceivedType" = "audio"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".aiff" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmx]
"MCIHandler" = "MPEGVideo"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".aifc" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wma]
"Extension.Handler" = "WMAFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.dvr-ms]
"MediaType.Description" = "Microsoft Recorded TV Show"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\MP3]
"DescriptionFriendlyName" = "@%WinDir%\inf\unregmp2.exe,-10020"
[HKCR\WPLFile\shell\play]
"MUIVerb" = "@%SystemRoot%\inf\unregmp2.exe,-9991"
[HKCR\.asf]
"(Default)" = "ASFFile"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"audio/x-mpg" = "mp3"
[HKCR\SystemFileAssociations\.midi\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKCR\wmafile\shell\play\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /prefetch:5 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/mpg]
"Extensions.SpaceSep" = ".mpeg .mpg .mpe .mpv .m1v .mp2 .mpa .mpv2 .mp2v"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mpeg]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKCR\SystemFileAssociations\audio\shellex\ContextMenuHandlers\WMPAddToPlaylist]
"CheckSupportedTypes" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.midi]
"Extension.Handler" = "midfile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Protocols\msbd]
"Source Filter" = "{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
[HKCR\MMST\DefaultIcon]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe,-120"
[HKCR\DVD\shell\play]
"(Default)" = "&Play"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWMPBurnCDOnArrival]
"Action" = "@wmploc.dll,-6505"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/x-mplayer2]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.avi]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-aiff]
"Extensions.SpaceSep" = ".aif .aifc .aiff"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.au]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wma]
"Extension.Handler" = "WMAFile"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.aiff]
"MPlayer2.Set" = "yes"
[HKCR\SystemFileAssociations\video\shellex\ContextMenuHandlers\WMPAddToPlaylist]
"CheckSupportedTypes" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m1v]
"Permissions" = "15"
[HKCR\WPLFile\shell\play]
"(Default)" = "&Play"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".rmi" = ""
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".mp2v" = ""
[HKCR\cdafile]
"(Default)" = "CD Audio Track"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Protocols\mms]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-ms-wma]
"Extensions.SpaceSep" = ".wma"
[HKCR\mpegfile\shell\open]
"(Default)" = "&Open"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\AIFF]
"Extensions" = ".aif .aifc .aiff"
[HKCR\ASFFile\shell\open]
"(Default)" = "&Open"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.snd]
"MediaType.DescriptionID" = "9904"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.avi]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmd]
"MediaType.Description" = "Windows Media Player Download Package"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/avi]
"Extension.Key" = ".avi"
[HKCR\MIME\Database\Content Type\video/x-ms-wm]
"CLSID" = "{cd3afa92-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\WAV]
"Extensions" = ".wav"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-aiff]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx|iexplore.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2v]
"ReplaceApps" = "mplayer2.exe|amovie.ocx|mplay32.exe|mplayer.exe|iexplore.exe"
[HKCR\WAXFile\DefaultIcon]
"(Default)" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".wm" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/mpeg]
"AlreadyRegistered" = "yes"
[HKCR\MIME\Database\Content Type\video/x-mpeg2a]
"CLSID" = "{cd3afa89-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\MPEG]
"(Default)" = "Movie file (mpeg)"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-asf-plugin]
"Extensions.SpaceSep" = ".asf .asx .wm .wmx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wvx]
"Extensions.SpaceSep" = ".wvx"
[HKCR\MIME\Database\Content Type\audio/x-midi]
"Extension" = ".mid"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aif]
"PerceivedType" = "audio"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mpeg]
"Extensions.CommaSep" = "mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/avi]
"Extensions.SpaceSep" = ".avi"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.rmi]
"MediaType.Icon" = "quartz.dll,-300"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-wav]
"Extensions.CommaSep" = "wav"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wmv]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKCR\WMP.DVR-MSFile\shell\play]
"MUIVerb" = "@%SystemRoot%\inf\unregmp2.exe,-9991"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\ASF]
"Description" = "Includes files with .asf, .asx, .dvr-ms, .wpl, .wm, .wmx, .wmd, and .wmz extensions."
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mid]
"Extension.Handler" = "midfile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wav]
"MediaType.DescriptionID" = "9908"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\AIFF]
"(Default)" = "AIFF audio file (aiff)"
[HKCR\MIME\Database\Content Type\audio/mpeg]
"Extension" = ".mp3"
[HKCR\MIME\Database\Content Type\audio/x-wav]
"Extension" = ".wav"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp3]
"MediaType.DescriptionID" = "9925"
[HKCR\SystemFileAssociations\.mpeg\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aifc]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/avi]
"Extension.Key" = ".avi"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mid]
"Extensions.SpaceSep" = ".mid .midi .rmi"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asx]
"MediaType.DescriptionID" = "9910"
[HKCR\.au]
"(Default)" = "AUFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.avi]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mpegurl]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Protocols\msbd]
"Icon" = "%Program Files%\Windows Media Player\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aif]
"Extension.Handler" = "AIFFFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-wav]
"Extensions.CommaSep" = "wav"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.m3u]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wmx]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmv]
"MediaType.Description" = "Windows Media Audio/Video file"
[HKCR\ASXFile\shell\play]
"(Default)" = "&Play"
[HKCR\.mpeg]
"(Default)" = "mpegfile"
[HKCR\SystemFileAssociations\.dvr-ms\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\AVI]
"(Default)" = "Windows video file (avi)"
[HKCR\AIFFFile\shell\play]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wmx]
"Extensions.CommaSep" = "wmx"
[HKCR\Media Type\Extensions\.dvr-ms]
"Source Filter" = "{C9F5FE02-F851-4eb5-99EE-AD602AF1E619}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\WMV]
"DescriptionFriendlyName" = "@%WinDir%\inf\unregmp2.exe,-10018"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wmv]
"CLSID" = "{cd3afa94-b84f-48f0-9393-7edc34128127}"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"video/x-ms-wmv" = "wmv"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-aiff]
"CLSID" = "{cd3afa72-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpeg]
"MediaType.DescriptionID" = "9902"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-wav]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Protocols\mms]
"MIMEType" = "video/x-ms-asf"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.snd]
"MediaType.Icon" = "quartz.dll,-201"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m3u]
"Shell.Open" = "/prefetch:6 /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-ms-wax]
"Extensions.CommaSep" = "wax"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\MP3]
"MIME Types" = "audio/mpeg audio/mpg audio/mp3 audio/x-mpeg audio/x-mpg audio/x-mp3 audio/mpegurl audio/x-mpegurl"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.midi]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"audio/x-ms-wma" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wma]
"Shell.AltVerb.Cmd" = "/prefetch:5 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\ASF]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-9996"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.au]
"MediaType.Description" = "AU Format Sound"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"video/x-ms-asf" = "asf,asx,wm,wmx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aifc]
"Runtime" = "7"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".au" = ""
[HKCR\.wmz]
"Content Type" = "application/x-ms-wmz"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\MPEG]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-10003"
[HKCR\WMP.DVR-MSFile\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aiff]
"ReplaceApps" = "mplayer2.exe|amovie.ocx|iexplore.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/avi]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mid]
"PerceivedType" = "audio"
[HKCR\WMZFile]
"PreferExecuteOnMismatch" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-mpeg2a]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKCR\AVIFile\shell\play\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /prefetch:8 /Play %L"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".wmd" = ""
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".wma" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.avi]
"ReplaceApps" = "mplayer2.exe|amovie.ocx|sndrec32.exe|mplay32.exe|mplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp3]
"MediaType.Icon" = "quartz.dll,-203"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".wmx" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wax]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aif]
"Extension.MIME" = "audio/aiff"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".wmv" = ""
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".wms" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wav]
"MediaType.DescriptionID" = "9908"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asf]
"Runtime" = "6"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aif]
"MediaType.Description" = "AIFF Format Sound"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.midi]
"MediaType.Icon" = "quartz.dll,-300"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mpegurl]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aif]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jpg]
"Runtime" = "11"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp3]
"Shell.AltVerb.Cmd" = "/prefetch:6 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpeg]
"Shell.Open" = "/prefetch:9 /Open %L"
[HKCR\cdafile\shell]
"(Default)" = "play"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/x-ms-wmz]
"Extension.Key" = ".wmz"
[HKCR\MIME\Database\Content Type\video/x-mpeg2a]
"Extension" = ".mpeg"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.rmi]
"Permissions" = "15"
[HKCR\SystemFileAssociations\.wmx\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKCR\WMP.DVR-MSFile\shell\open\DropTarget]
"CLSID" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2]
"MediaType.DescriptionID" = "9902"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.au]
"MediaType.Icon" = "quartz.dll,-201"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmz]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpv2]
"SuperiorApps" = "wmplayer.exe"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"video/x-ms-wm" = "asf,asx,wm,wmx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-mpeg]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKCR\mp3file\shell\play]
"MUIVerb" = "@%SystemRoot%\inf\unregmp2.exe,-9991"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-wav]
"AlreadyRegistered" = "yes"
[HKCR\MIME\Database\Content Type\application/x-mplayer2]
"Extension" = ".asx"
[HKCR\WAXFile\shell\play]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wmz]
"MPlayer2.Set" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\WMV]
"Extensions" = ".wmv .wvx"
[HKCR\Media Type\Extensions\.wmx]
"Animation" = "dxmasf.dll,150"
[HKCR\MIME\Database\Content Type\audio/x-ms-wax]
"Extension" = ".wax"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpe]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mpeg]
"Extensions.CommaSep" = "mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mp3]
"AlreadyRegistered" = "yes"
[HKCR\MIME\Database\Content Type\audio/x-mpegurl]
"Extension" = ".m3u"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wma]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wvx]
"MediaType.Icon" = "dxmasf.dll,-501"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\MP3]
"(Default)" = "MP3 audio file (mp3)"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.au]
"MediaType.Description" = "AU Format Sound"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".wvx" = ""
[HKCR\HTTP\AnimExtensions]
".asf" = "dxmasf.dll,150"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpv2]
"Permissions" = "15"
[HKCR\HTTP\AnimExtensions]
".asp" = "dxmasf.dll,150"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpg]
"Extension.MIME" = "video/mpeg"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".mp2v" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-asf]
"Extension.Key" = ".asx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m3u]
"PerceivedType" = "audio"
[HKCR\MIDFile\shell\play\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpeg]
"MediaType.Icon" = "quartz.dll,-103"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wvx]
"MediaType.Description" = "Windows Media Audio/Video playlist"
[HKCR\SoundRec]
"PreferExecuteOnMismatch" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asx]
"MediaType.Description" = "Windows Media Audio/Video playlist"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpeg]
"ReplaceApps" = "mplayer2.exe|amovie.ocx|mplay32.exe|mplayer.exe|iexplore.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wm]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MCI32]
"MPEGVideo" = "mciqtz32.dll"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-msvideo]
"Extensions.CommaSep" = "avi"
[HKCR\ASXFile\shell\play]
"LegacyDisable" = ""
[HKCR\.m1v]
"(Default)" = "mpegfile"
[HKCR\.wvx]
"Content Type" = "video/x-ms-wvx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/x-mplayer2]
"Extension.Key" = ".asx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asf]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-midi]
"CLSID" = "{cd3afa74-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-mpeg]
"AlreadyRegistered" = "yes"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".wm" = ""
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"Version" = "9,0,0,4503"
[HKCR\WMDFile]
"(Default)" = "Windows Media Player Download Package"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wm]
"SuperiorApps" = "wmplayer.exe"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".aifc" = ""
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".aiff" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m3u]
"MediaType.Description" = "M3U file"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2]
"Shell.AltVerb.Cmd" = "/prefetch:9 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.midi]
"Runtime" = "7"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.au]
"SuperiorApps" = "wmplayer.exe"
[HKCR\.mid]
"(Default)" = "midfile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jfif]
"Permissions" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/vnd.ms-wpl]
"Extensions.SpaceSep" = ".wpl"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmv]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\MP3]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-10002"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aifc]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpg]
"Runtime" = "7"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wma]
"MediaType.Description" = "Windows Media Audio file"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpv2]
"MediaType.DescriptionID" = "9902"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/aiff]
"Extensions.SpaceSep" = ".aif .aifc .aiff"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".dvr-ms" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Protocols\msbd]
"Source Filter" = "{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wax]
"MediaType.Icon" = "dxmasf.dll,-501"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp3]
"Shell.AltVerb.Cmd" = "/prefetch:6 /Play %L"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mpv2]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"audio/x-mpeg" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpg]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mid]
"MediaType.Description" = "MIDI Sequence"
[HKCR\ASXFile]
"PreferExecuteOnMismatch" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpa]
"Shell.AltVerb.Cmd" = "/prefetch:9 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp3]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wax]
"Extension.MIME" = "audio/x-ms-wax"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".wma" = ""
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".wmd" = ""
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".wmz" = ""
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".wmv" = ""
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".wmx" = ""
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".wms" = ""
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".wmv" = ""
[HKCR\.mpe]
"(Default)" = "mpegfile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.dvr-ms]
"ReplaceApps" = "wmplayer.exe"
[HKCR\SystemFileAssociations\.wma\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp3]
"Extension.Handler" = "mp3file"
[HKCR\m3ufile]
"EditFlags" = "00 00 01 00"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\WMA]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-9994"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\WAV]
"(Default)" = "Windows audio file (wav)"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.nsc]
"Permissions" = "1"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"audio/x-aiff" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".wms" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\HandleCDBurningOnArrival]
"MSWMPBurnCDOnArrival" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wpl]
"MediaType.Description" = "Windows Media playlist"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mpa]
"MPlayer2.Set" = "yes"
[HKCR\MIME\Database\Content Type\audio/mid]
"CLSID" = "{cd3afa74-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\ASF]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-9996"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"video/mpeg" = "mpeg,mpg,mpe,mpv,m1v,mp2,mpa,mpv2,mp2v"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.rmi]
"MediaType.Description" = "MIDI Sequence"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\ASF]
"(Default)" = "Windows Media file (asf)"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2v]
"PerceivedType" = "video"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wm]
"Extension.Handler" = "ASFFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmx]
"MediaType.Icon" = "dxmasf.dll,-501"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.cda]
"MediaType.Description" = "CD Audio Track"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2]
"Extension.Handler" = "mpegfile"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".wpl" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\AIFF]
"Description" = "Includes files with .aif, .aifc, and .aiff extensions."
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wma]
"Extension.MIME" = "audio/x-ms-wma"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.rmi]
"Extension.Handler" = "midfile"
[HKLM\SOFTWARE\Microsoft\MediaPlayer\Player\Extensions\Types]
"9" = "*.dvr-ms"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.midi]
"MediaType.Description" = "MIDI Sequence"
[HKCR\.asx]
"Content Type" = "video/x-ms-asf"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2]
"Shell.AltVerb.Cmd" = "/prefetch:9 /Play %L"
[HKCR\SoundRec\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKCR\MIME\Database\Content Type\audio/x-ms-wma]
"CLSID" = "{cd3afa84-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpv2]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".aif" = ""
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.asf]
"MPlayer2.Set" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jpg]
"PerceivedType" = "image"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpeg]
"SuperiorApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.au]
"MCIHandler" = "MPEGVideo"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"video/mpeg" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"audio/mp3" = "mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Devices\AudioCD]
"ReplaceApps" = "wmplayer.exe|cdplayer.exe|deluxecd.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mpeg]
"Extensions.CommaSep" = "mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aif]
"ReplaceApps" = "mplayer2.exe|amovie.ocx|iexplore.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpa]
"ReplaceApps" = "mplayer2.exe|amovie.ocx|mplay32.exe|mplayer.exe|iexplore.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wm]
"ReplaceApps" = "mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmx]
"ReplaceApps" = "mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.avi]
"MediaType.DescriptionID" = "9905"
[HKCR\AVIFile\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpv2]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wms]
"Shell.AltVerb.Cmd" = ""
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"audio/mpg" = "mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpg]
"Shell.Open" = "/prefetch:9 /Open %L"
[HKCR\MMSU]
"Source Filter" = "{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asx]
"SuperiorApps" = "wmplayer.exe"
[HKCR\MIME\Database\Content Type\video/x-ms-wmv]
"CLSID" = "{cd3afa94-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wm]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.avi]
"Shell.Open" = "/prefetch:8 /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wax]
"Runtime" = "3"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aifc]
"PerceivedType" = "audio"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.rmi]
"MediaType.DescriptionID" = "9907"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/msvideo]
"Extensions.SpaceSep" = ".avi"
[HKLM\SOFTWARE\Microsoft\NetShow\Player\CodecMapper\ACM]
"6172" = "6172,98,116"
[HKCR\AUFile\shell\play\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\AVI]
"MIME Types" = "video/avi video/msvideo video/x-msvideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aiff]
"MediaType.Description" = "AIFF Format Sound"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\MP3]
"(Default)" = "MP3 audio file (mp3)"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mp2v]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/midi]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\MPEG]
"MIME Types" = "video/mpeg video/x-mpeg video/x-mpeg2a video/mpg"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpeg]
"MediaType.DescriptionID" = "9902"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-aiff]
"ReplaceApps" = "mplayer2.exe|amovie.ocx|iexplore.exe"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".wpl" = ""
[HKCR\SystemFileAssociations\video\shellex\ContextMenuHandlers\WMPPlayAsPlaylist]
"(Default)" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".au" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWMDMHandler]
"Action" = "Transfer Files"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mpg]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.rmi]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKCR\SystemFileAssociations\.mp2v\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpa]
"PerceivedType" = "video"
[HKCR\SoundRec\shell\play]
"(Default)" = "&Play"
[HKCR\.wmdb]
"(Default)" = "WMP.WMDBFile"
[HKCR\WMSFile]
"PreferExecuteOnMismatch" = "1"
[HKCR\WMZFile]
"EditFlags" = "00 00 01 00"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m1v]
"SuperiorApps" = "wmplayer.exe"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".wm" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2v]
"SuperiorApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mid]
"Extensions.SpaceSep" = ".mid .midi .rmi"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".aif" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\MPEG]
"(Default)" = "Movie file (mpeg)"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jpeg]
"Permissions" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wmx]
"Extensions.SpaceSep" = ".wmx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wav]
"MediaType.Icon" = "quartz.dll,-200"
[HKCR\.mpe]
"Content Type" = "video/mpeg"
[HKCR\WPLFile]
"EditFlags" = "00 00 01 00"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.avi]
"Extension.MIME" = "video/avi"
[HKCR\WMZFile\shell\open]
"(Default)" = "&Open"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-mpeg]
"Extensions.SpaceSep" = ".mpeg .mpg .mpe .mpv .m1v .mp2 .mpa .mpv2 .mp2v"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpeg]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\AVI]
"(Default)" = "Windows video file (avi)"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aif]
"MediaType.DescriptionID" = "9903"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/mpg]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKCR\cdafile\shell\play]
"(Default)" = "&Play"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.rmi]
"Runtime" = "7"
[HKCR\AVIFile]
"EditFlags" = "00 00 01 00"
[HKCR\MIME\Database\Content Type\audio/midi]
"Extension" = ".mid"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpa]
"MediaType.DescriptionID" = "9902"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmx]
"PerceivedType" = "video"
[HKCR\AIFFFile\shell\open]
"(Default)" = "&Open"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.au]
"Extension.Handler" = "AUFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpa]
"Shell.AltVerb.Cmd" = "/prefetch:9 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wma]
"Extension.MIME" = "audio/x-ms-wma"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wpl]
"Extension.Handler" = "WPLFile"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"video/x-ms-wmx" = "asf,asx,wm,wmx"
[HKCR\.snd]
"Content Type" = "audio/basic"
[HKCR\.m1v]
"Content Type" = "video/mpeg"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"audio/basic" = "au,snd"
[HKCR\MIDFile\shell]
"(Default)" = "play"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mpegurl]
"Extensions.SpaceSep" = ".m3u"
[HKCR\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\WMPPlayAsPlaylist]
"(Default)" = "{7D4734E6-047E-41e2-AEAA-E763B4739DC4}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpa]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmz]
"Shell.Open" = "/layout:%L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/midi]
"Extension.Key" = ".mid"
[HKCR\MIME\Database\Content Type\audio/x-mpegurl]
"CLSID" = "{cd3afa78-b84f-48f0-9393-7edc34128127}"
[HKCR\WPLFile\shell\play]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpe]
"SuperiorApps" = "wmplayer.exe"
[HKCR\.wmd]
"(Default)" = "WMDFile"
[HKCR\.wax]
"(Default)" = "WAXFile"
[HKCR\WAXFile\shell\play\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /Play %L"
[HKCR\AudioCD\shell]
"(Default)" = "Play"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.avi]
"PerceivedType" = "video"
[HKCR\SystemFileAssociations\.avi\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asf]
"Extension.MIME" = "video/x-ms-asf"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-mpeg2a]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmx]
"Extension.MIME" = "video/x-ms-wmx"
[HKCR\AIFFFile]
"PreferExecuteOnMismatch" = "1"
[HKCR\WAXFile]
"(Default)" = "Windows Media Audio shortcut"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/aiff]
"CLSID" = "{cd3afa72-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.rmi]
"MCIHandler" = "Sequencer"
[HKCR\WMZFile]
"(Default)" = "Windows Media Player Skin Package"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpv2]
"MediaType.Description" = "Movie Clip"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"audio/x-mid" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.avi]
"SuperiorApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asx]
"PerceivedType" = "video"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\ASF]
"Protocols" = "mms mmst mmsu msbd"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayDVDMovieOnArrival]
"Action" = "@wmploc.dll,-6504"
[HKCR\.m3u]
"Content Type" = "audio/x-mpegurl"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m3u]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpeg]
"PerceivedType" = "video"
[HKCR\m3ufile\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKCR\SystemFileAssociations\.aif\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKCR\Media Type\Extensions\.asf]
"Animation" = "dxmasf.dll,150"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-msvideo]
"Extension.Key" = ".avi"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpg]
"MediaType.DescriptionID" = "9902"
[HKCR\.mp2]
"Content Type" = "video/mpeg"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".au" = ""
[HKCR\MIME\Database\Content Type\audio/x-mpeg]
"Extension" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2]
"Shell.Open" = "/prefetch:9 /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aif]
"MCIHandler" = "MPEGVideo"
[HKCR\AVIFile\shell\play]
"(Default)" = "&Play"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wma]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mp3]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKCR\SystemFileAssociations\Directory.Video\shellex\ContextMenuHandlers\WMPAddToPlaylist]
"(Default)" = "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mpg]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.rmi]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.avi]
"Extension.MIME" = "video/avi"
[HKCR\SystemFileAssociations\video\shellex\ContextMenuHandlers\WMPPlayAsPlaylist]
"CheckSupportedTypes" = ""
[HKCR\WPLFile\shell\play\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/avi]
"CLSID" = "{cd3afa88-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\AVI]
"DescriptionFriendlyName" = "@%WinDir%\inf\unregmp2.exe,-10015"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/x-mplayer2]
"Extensions.SpaceSep" = ".asf .asx .wm .wmx"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"audio/mpegurl" = "m3u"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asf]
"Shell.Open" = "/prefetch:7 /Open %L"
[HKCR\SystemFileAssociations\video\shellex\ContextMenuHandlers\WMPAddToPlaylist]
"(Default)" = "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aifc]
"Extension.Handler" = "AIFFFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m3u]
"MediaType.DescriptionID" = "9926"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wav]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx|sndrec32.exe|mplay32.exe|mplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpe]
"MediaType.DescriptionID" = "9902"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wvx]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.aifc]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.avi]
"Extension.Handler" = "avifile"
[HKCR\MIME\Database\Content Type\audio/x-mid]
"CLSID" = "{cd3afa74-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpv2]
"Shell.Open" = "/prefetch:9 /Open %L"
[HKCR\WMP.DVR-MSFile\shell\open]
"(Default)" = "&Open"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".mp3" = ""
[HKCR\AIFFFile\shell]
"(Default)" = "play"
[HKCR\MMST\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe %L"
[HKCR\mp3file]
"(Default)" = "MP3 Format Sound"
[HKCR\MMSU]
"Animation" = "dxmasf.dll,150"
[HKCR\WAXFile]
"PreferExecuteOnMismatch" = "1"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".mid" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmz]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.png]
"Permissions" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-asf-plugin]
"Extensions.SpaceSep" = ".asf .asx .wm .wmx"
[HKCR\AUFile\shellex\ContextMenuHandlers\WMPPlayAsPlaylist]
"(Default)" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mid]
"Extension.MIME" = "audio/mid"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.avi]
"Shell.AltVerb.Cmd" = "/prefetch:8 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mpeg]
"Extension.Key" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.snd]
"MediaType.Description" = "AU Format Sound"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\CDA]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-9998"
[HKCR\m3ufile\DefaultIcon]
"(Default)" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".mpe" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.avi]
"MediaType.Icon" = "quartz.dll,-100"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".mpa" = ""
[HKCR\WMP.WMDBFile]
"(Default)" = "Windows Media Library"
[HKCR\Media Type\Extensions\.asx]
"Animation" = "dxmasf.dll,150"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/mpeg]
"Extensions.SpaceSep" = ".mpeg .mpg .mpe .mpv .m1v .mp2 .mpa .mpv2 .mp2v"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-mpeg2a]
"Extension.Key" = ".mpeg"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/basic]
"Extensions.CommaSep" = "au,snd"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/mpg]
"Extension.Key" = ".mpeg"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aif]
"SuperiorApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-ms-wax]
"Extension.Key" = ".wax"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2]
"MediaType.DescriptionID" = "9902"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Protocols\mms]
"Icon" = "%Program Files%\Windows Media Player\wmplayer.exe,-120"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".wmz" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m3u]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mid]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wma]
"Permissions" = "15"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".wms" = ""
[HKCR\wmafile\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /prefetch:5 /Open %L"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.avi]
"MPlayer2.Set" = "yes"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".wmv" = ""
[HKCR\AUFile\shell\play]
"LegacyDisable" = ""
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".wma" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\WMA]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-9994"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".wmd" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.snd]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx|sndrec32.exe|mplay32.exe|mplayer.exe|iexplore.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-mpeg2a]
"Extension.Key" = ".mpeg"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\WMV]
"Description" = "Includes files with .wmv and .wvx extensions."
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-aiff]
"NavPrereg" = "No"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wma]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\WMA]
"DescriptionFriendlyName" = "@%WinDir%\inf\unregmp2.exe,-10012"
[HKCR\MIME\Database\Content Type\audio/wav]
"CLSID" = "{cd3afa7b-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-asf-plugin]
"Extension.Key" = ".asx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.gif]
"Runtime" = "11"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\AVI]
"Extensions" = ".avi"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/msvideo]
"Extensions.CommaSep" = "avi"
[HKCR\WAXFile\shellex\ContextMenuHandlers\WMPPlayAsPlaylist]
"(Default)" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"video/x-mpeg2a" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKCR\HTTP\AnimExtensions]
".nsc" = "dxmasf.dll,150"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-ms-wma]
"Extensions.SpaceSep" = ".wma"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".dvr-ms" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx|mplay32.exe|mplayer.exe|iexplore.exe"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".mpv2" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\midi/mid]
"Extensions.CommaSep" = "mid,midi,rmi"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmv]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mpg]
"Extensions.CommaSep" = "mp3"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mp3]
"MPlayer2.Set" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-wav]
"Extensions.SpaceSep" = ".wav"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpg]
"MediaType.Description" = "Movie Clip"
[HKCR\AVIFile\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wmx]
"MPlayer2.Set" = "yes"
[HKCR\MIDFile\shell\open]
"(Default)" = "&Open"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpe]
"MediaType.Description" = "Movie Clip"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asx]
"AlreadyRegistered" = "yes"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".mpv2" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/aiff]
"Extensions.CommaSep" = "aif,aifc,aiff"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmx]
"Permissions" = "15"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".aifc" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmx]
"Extension.MIME" = "video/x-ms-wmx"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".midi" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mpg]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.bmp]
"Permissions" = "1"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".m3u" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Devices\DVD]
"DefaultIcon" = "shell32.dll,40"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wm]
"Shell.AltVerb.Cmd" = "/prefetch:7 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.snd]
"MediaType.Description" = "AU Format Sound"
[HKCR\.aiff]
"Content Type" = "audio/aiff"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wms]
"MediaType.DescriptionID" = "9915"
[HKCR\.aif]
"Content Type" = "audio/aiff"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mid]
"Extension.Key" = ".mid"
[HKCR\MIDFile]
"EditFlags" = "00 00 01 00"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wmv]
"MPlayer2.Set" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmv]
"PerceivedType" = "video"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWMPBurnCDOnArrival]
"InvokeProgID" = "WMP.BurnCD"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmx]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKCR\wmafile\shellex\ContextMenuHandlers\WMPPlayAsPlaylist]
"(Default)" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\WAV]
"Description" = "Includes files with .wav extensions."
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mpegurl]
"Extension.Key" = ".m3u"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m3u]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m3u]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-mpeg2a]
"Extensions.SpaceSep" = ".mpeg .mpg .mpe .mpv .m1v .mp2 .mpa .mpv2 .mp2v"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mpegurl]
"Extensions.CommaSep" = "m3u"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/avi]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-asf-plugin]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-midi]
"AlreadyRegistered" = "yes"
[HKCR\WVXFile\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /Open %L"
[HKCR\mpegfile\shellex\ContextMenuHandlers\WMPPlayAsPlaylist]
"(Default)" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/x-ms-wmd]
"CLSID" = "{ee4da6a4-8c52-4a63-bbb8-97c93d7e1b6c}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.snd]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKCR\AIFFFile\shellex\ContextMenuHandlers\WMPAddToPlaylist]
"(Default)" = "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival]
"MSPlayCDAudioOnArrival" = ""
[HKCR\m3ufile\shellex\ContextMenuHandlers\WMPAddToPlaylist]
"(Default)" = "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mp3]
"CLSID" = "{cd3afa76-b84f-48f0-9393-7edc34128127}"
[HKCR\.midi]
"Content Type" = "audio/mid"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-ms-wax]
"CLSID" = "{cd3afa83-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m1v]
"Extension.MIME" = "video/mpeg"
[HKCR\wmafile\shell\open]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wm]
"ReplaceApps" = "mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmd]
"Extension.MIME" = "application/x-ms-wmd"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-ms-wma]
"AlreadyRegistered" = "yes"
[HKCR\.aifc]
"(Default)" = "AIFFFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wax]
"Extension.Handler" = "WAXFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\WMA]
"DescriptionFriendlyName" = "@%WinDir%\inf\unregmp2.exe,-10012"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/aiff]
"Extension.Key" = ".aiff"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mid]
"SuperiorApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/aiff]
"Extensions.SpaceSep" = ".aif .aifc .aiff"
[HKCR\MIME\Database\Content Type\video/x-ms-asf]
"Extension" = ".asx"
[HKCR\MIME\Database\Content Type\audio/aiff]
"CLSID" = "{cd3afa72-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-midi]
"Extension.Key" = ".mid"
[HKCR\MIME\Database\Content Type\video/x-ms-asf-plugin]
"CLSID" = "{cd3afa8f-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\AIFF]
"DescriptionFriendlyName" = "@%WinDir%\inf\unregmp2.exe,-10022"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aif]
"Runtime" = "7"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-asf-plugin]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mp3]
"Extension.Key" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpeg]
"Extension.Handler" = "mpegfile"
[HKCR\.wmv]
"Content Type" = "video/x-ms-wmv"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"video/mpg" = "mpeg,mpg,mpe,mpv,m1v,mp2,mpa,mpv2,mp2v"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wav]
"MediaType.Description" = "Wave Sound"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m1v]
"Shell.Open" = "/prefetch:9 /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpg]
"MCIHandler" = "MPEGVideo"
[HKCR\MIME\Database\Content Type\audio/x-midi]
"CLSID" = "{cd3afa74-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\AVI]
"Description" = "Includes files with .avi extensions."
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/avi]
"Extensions.SpaceSep" = ".avi"
[HKCR\Media Type\Extensions\.dvr-ms]
"Media Type" = "{e436eb83-524f-11ce-9f53-0020af0ba770}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/basic]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wax]
"Extension.Handler" = "WAXFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2v]
"PerceivedType" = "video"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m1v]
"Shell.AltVerb.Cmd" = "/prefetch:9 /Play %L"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".wmd" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.rmi]
"Extension.MIME" = "audio/mid"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.snd]
"MCIHandler" = "MPEGVideo"
[HKCR\AUFile\shellex\ContextMenuHandlers\WMPAddToPlaylist]
"(Default)" = "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mp3]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wpl]
"Permissions" = "15"
[HKCR\WMP.DVR-MSFile\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mpg]
"CLSID" = "{cd3afa76-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\WMV]
"Extensions" = ".wmv .wvx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.cda]
"MediaType.DescriptionID" = "9918"
[HKCR\MIME\Database\Content Type\video/x-ms-wmv]
"Extension" = ".wmv"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayCDAudioOnArrival]
"InvokeVerb" = "play"
[HKCR\WMP.WMDBFile]
"NoOpen" = ""
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".mpv2" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wmx]
"Extensions.CommaSep" = "wmx"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"audio/mid" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKCR\ASXFile]
"(Default)" = "Windows Media Audio/Video playlist"
[HKCR\WMP.DVR-MSFile]
"PreferExecuteOnMismatch" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m3u]
"Runtime" = "3"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wm]
"PerceivedType" = "video"
[HKCR\mpegfile\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKCR\SystemFileAssociations\.aiff\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/basic]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKCR\m3ufile\shell\open]
"(Default)" = "&Open"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmv]
"PerceivedType" = "video"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".asf" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aifc]
"MediaType.Description" = "AIFF Format Sound"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.avi]
"PerceivedType" = "video"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mid]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKCR\SoundRec\shell]
"(Default)" = "play"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-asf-plugin]
"ReplaceApps" = "mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpg]
"Extension.Handler" = "mpegfile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wms]
"Shell.Open" = "/layout:%L"
[HKCR\WMP.DVR-MSFile\shell\open]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wav]
"Extension.Handler" = "soundrec"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".asx" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/x-mplayer2]
"Extensions.CommaSep" = "asf,asx,wm,wmx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.midi]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE17" = "audio/x-ms-wma"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE16" = "audio/x-ms-wax"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.swf]
"Runtime" = "10"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE14" = "audio/x-mpegurl"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/basic]
"Extension.Key" = ".au"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE12" = "audio/x-mp3"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE11" = "audio/x-midi"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE10" = "audio/x-mid"
[HKCR\SystemFileAssociations\.wvx\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKCR\AVIFile\DefaultIcon]
"(Default)" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpa]
"Shell.Open" = "/prefetch:9 /Open %L"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE19" = "midi/mid"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE18" = "audio/x-wav"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"audio/mpeg" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp3]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpe]
"MediaType.Description" = "Movie Clip"
[HKCR\.au]
"Content Type" = "audio/basic"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/midi]
"CLSID" = "{cd3afa74-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2v]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKCR\MIME\Database\Content Type\video/msvideo]
"CLSID" = "{cd3afa88-b84f-48f0-9393-7edc34128127}"
[HKCR\.wm]
"(Default)" = "ASFFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/mpeg]
"Extension.Key" = ".mpeg"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".aifc" = ""
[HKCR\WMZFile\DefaultIcon]
"(Default)" = "%System%\wmploc.dll,-617"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".m1v" = ""
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.au]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-aiff]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m3u]
"MediaType.Icon" = "quartz.dll,-203"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\MPEG]
"DescriptionFriendlyName" = "@%WinDir%\inf\unregmp2.exe,-10021"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmv]
"MediaType.Icon" = "dxmasf.dll,-500"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mp3]
"Extensions.CommaSep" = "mp3"
[HKCR\AVIFile]
"PreferExecuteOnMismatch" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wms]
"MediaType.Icon" = "%System%\wmploc.dll,-617"
[HKCR\MIME\Database\Content Type\application/x-ms-wmz]
"Extension" = ".wmz"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp3]
"PerceivedType" = "audio"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wmv]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWMPBurnCDOnArrival]
"InvokeVerb" = "Burn"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\WMA]
"(Default)" = "Windows Media Audio file (wma)"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpv2]
"ReplaceApps" = "mplayer2.exe|amovie.ocx|mplay32.exe|mplayer.exe|iexplore.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wm]
"Shell.AltVerb.Cmd" = "/prefetch:7 /Play %L"
[HKCR\SystemFileAssociations\.mpv2\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKCR\MIME\Database\Content Type\audio/midi]
"CLSID" = "{cd3afa74-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wma]
"Shell.AltVerb.Cmd" = "/prefetch:5 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmz]
"Shell.AltVerb.Cmd" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\AU]
"Description" = "Includes files with .au, and .snd extensions."
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wm]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\AU]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-9992"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-ms-wma]
"ReplaceApps" = "mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mpeg]
"Extension.Key" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aiff]
"Extension.MIME" = "audio/aiff"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mid]
"AlreadyRegistered" = "yes"
[HKCR\MIDFile\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\WAV]
"MIME Types" = "audio/wav audio/x-wav"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Protocols\mms]
"MIMEType" = "video/x-ms-asf"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mid]
"Extension.Key" = ".mid"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayCDAudioOnArrival]
"InvokeProgID" = "WMP.AudioCD"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-mpeg]
"Extensions.CommaSep" = "mpeg,mpg,mpe,mpv,m1v,mp2,mpa,mpv2,mp2v"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/wav]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKCR\MIME\Database\Content Type\audio/x-mp3]
"CLSID" = "{cd3afa76-b84f-48f0-9393-7edc34128127}"
[HKCR\AUFile\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asx]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\MPEG]
"DescriptionFriendlyName" = "@%WinDir%\inf\unregmp2.exe,-10021"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmx]
"PerceivedType" = "video"
[HKCR\MIME\Database\Content Type\video/mpg]
"CLSID" = "{cd3afa89-b84f-48f0-9393-7edc34128127}"
[HKCR\ASFFile\shell\open]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wax]
"MediaType.DescriptionID" = "9911"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/x-ms-wmd]
"ReplaceApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.dat]
"Runtime" = "7"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpa]
"PerceivedType" = "video"
[HKCR\WVXFile\shell\play]
"LegacyDisable" = ""
[HKCR\m3ufile\shell\play]
"(Default)" = "&Play"
[HKCR\SystemFileAssociations\.m1v\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.midi]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-midi]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\WMA]
"Extensions" = ".wma .wax"
[HKLM\SOFTWARE\Microsoft\MediaPlayer\Preferences]
"MyPlayLists" = "%Documents and Settings%\All Users\Documents\My Music\Sample Playlists"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mp3]
"Extension.Key" = ".mp3"
[HKCR\.mpeg]
"Content Type" = "video/mpeg"
[HKCR\ASXFile\shellex\ContextMenuHandlers\WMPPlayAsPlaylist]
"(Default)" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mpg]
"Extensions.SpaceSep" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aifc]
"MCIHandler" = "MPEGVideo"
[HKCR\WVXFile\shell\open]
"(Default)" = "&Open"
[HKCR\WAXFile\shellex\ContextMenuHandlers\WMPAddToPlaylist]
"(Default)" = "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\User Trusted External Applications\C:\PROGRA~1\WINDOW~2]
"wmplayer.exe" = "Yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmv]
"Extension.MIME" = "video/x-ms-wmv"
[HKCR\mpegfile\DefaultIcon]
"(Default)" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m1v]
"MediaType.Description" = "Movie Clip"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mpegurl]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mpg]
"CLSID" = "{cd3afa76-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/wav]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\DVD]
"Devices" = "DVD"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mp3]
"Extensions.CommaSep" = "mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asf]
"Shell.AltVerb.Cmd" = "/prefetch:7 /Play %L"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mpeg]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmz]
"MediaType.DescriptionID" = "9916"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wm]
"Extensions.CommaSep" = "asf,asx,wm,wmx"
[HKCR\MIME\Database\Content Type\audio/x-mpg]
"Extension" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.dat]
"ReplaceApps" = "*.*"
[HKCR\mp3file]
"PreferExecuteOnMismatch" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpeg]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m1v]
"PerceivedType" = "video"
[HKCR\m3ufile]
"PreferExecuteOnMismatch" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mp3]
"CLSID" = "{cd3afa76-b84f-48f0-9393-7edc34128127}"
[HKCR\WMP.DVR-MSFile]
"EditFlags" = "00 00 01 00"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aiff]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aifc]
"Extension.MIME" = "audio/aiff"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wax]
"PerceivedType" = "audio"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.cda]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wav]
"Extension.MIME" = "audio/wav"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-asf-plugin]
"CLSID" = "{cd3afa8f-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
"Version" = "9,0,0,4503"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/basic]
"Extensions.SpaceSep" = ".au .snd"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mid]
"Extensions.CommaSep" = "mid,midi,rmi"
[HKCR\SoundRec\shellex\ContextMenuHandlers\WMPAddToPlaylist]
"(Default)" = "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mid]
"Extensions.CommaSep" = "mid,midi,rmi"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wax]
"MediaType.DescriptionID" = "9911"
[HKCR\ASXFile\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".asf" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wma]
"MediaType.Icon" = "dxmasf.dll,-500"
[HKCR\WMP.WMDBFile]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-9924"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\WMA]
"Description" = "Includes files with .wma and .wax extensions."
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/mpg]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmx]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.rmi]
"SuperiorApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-asf]
"ReplaceApps" = "mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSRipCDAudioOnArrival]
"InvokeVerb" = "Rip"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".asx" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-midi]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\MIDI]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-9993"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/basic]
"Extensions.SpaceSep" = ".au .snd"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\WMV]
"(Default)" = "Windows Media Video file (wmv)"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mid]
"MCIHandler" = "Sequencer"
[HKCR\WMP.DVD\Shell\Play\Command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /prefetch:4 /device:DVD %L"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"audio/x-midi" = "mid,midi,rmi"
[HKCR\wmafile\shell\open\DropTarget]
"CLSID" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".mp2" = ""
[HKCR\AUFile\shell\open\DropTarget]
"CLSID" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKCR\WAXFile]
"EditFlags" = "00 00 01 00"
[HKCR\SystemFileAssociations\audio\shellex\ContextMenuHandlers\WMPAddToPlaylist]
"(Default)" = "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"
[HKCR\mp3file\shell\open]
"(Default)" = "&Open"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.cda]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asf]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mpg]
"Extensions.SpaceSep" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wvx]
"Extensions.SpaceSep" = ".wvx"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"video/x-ms-wmv" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.au]
"MediaType.DescriptionID" = "9904"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpa]
"MediaType.Description" = "Movie Clip"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"video/x-ms-wmx" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asf]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCR\wmafile]
"EditFlags" = "00 00 01 00"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mpeg]
"Extensions.SpaceSep" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\MP3]
"DescriptionFriendlyName" = "@%WinDir%\inf\unregmp2.exe,-10020"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"audio/x-ms-wax" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKCR\AUFile\shell\open]
"LegacyDisable" = ""
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE23" = "video/msvideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aiff]
"AlreadyRegistered" = "yes"
[HKCR\WMVFile\shell\play]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mpegurl]
"CLSID" = "{cd3afa78-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp3]
"Shell.Open" = "/prefetch:6 /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.snd]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\ASF]
"DescriptionFriendlyName" = "@%WinDir%\inf\unregmp2.exe,-10023"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mpegurl]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE24" = "video/x-mpeg"
[HKCR\AudioCD\DefaultIcon]
"(Default)" = "%System%\shell32.dll,40"
[HKCR\MIME\Database\Content Type\video/x-msvideo]
"Extension" = ".avi"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m3u]
"MCIHandler" = "MPEGVideo"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"audio/x-ms-wax" = "wax"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\WMA]
"MIME Types" = "audio/x-ms-wma audio/x-ms-wax"
[HKCR\WMVFile\DefaultIcon]
"(Default)" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wvx]
"Extension.Handler" = "WVXFile"
[HKCR\HTTP\AnimExtensions]
"." = "dxmasf.dll,150"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\AVI]
"Description" = "Includes files with .avi extensions."
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-wav]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wav]
"PerceivedType" = "audio"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\MIDI]
"Description" = "Includes files with .mid, .midi, and .rmi extensions."
[HKCR\SystemFileAssociations\.asx\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmv]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-midi]
"Extensions.CommaSep" = "mid,midi,rmi"
[HKCR\SystemFileAssociations\.asf\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aiff]
"SuperiorApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\WAV]
"DescriptionFriendlyName" = "@%WinDir%\inf\unregmp2.exe,-10013"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".wax" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m3u]
"PerceivedType" = "audio"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mpeg]
"Extensions.CommaSep" = "mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.au]
"Extension.MIME" = "audio/basic"
[HKCR\MIME\Database\Content Type\audio/x-mpg]
"CLSID" = "{cd3afa76-b84f-48f0-9393-7edc34128127}"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".wav" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\AU]
"(Default)" = "AU audio file (au)"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-asf]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|msdxm.ocx"
[HKCR\AudioCD\shell\play]
"MUIVerb" = "@%SystemRoot%\inf\unregmp2.exe,-9991"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asx]
"Permissions" = "15"
[HKCR\AIFFFile]
"(Default)" = "AIFF Format Sound"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpa]
"Shell.Open" = "/prefetch:9 /Open %L"
[HKCR\WMDFile]
"PreferExecuteOnMismatch" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpv2]
"MCIHandler" = "MPEGVideo"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"audio/aiff" = "aif,aifc,aiff"
[HKCR\WMDFile\shell]
"(Default)" = "open"
[HKCR\.mp3]
"Content Type" = "audio/mpeg"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wav]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mpeg]
"Extension.Key" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wvx]
"Extension.Key" = ".wvx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asf]
"MCIHandler" = "MPEGVideo"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE28" = "video/x-ms-wm"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE29" = "video/x-ms-wmv"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpeg]
"Runtime" = "7"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Protocols\msbd]
"MIMEType" = "video/x-ms-asf"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE22" = "video/mpg"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wvx]
"Extensions.CommaSep" = "wvx"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE20" = "video/avi"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE21" = "video/mpeg"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE26" = "video/x-ms-asf"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE27" = "video/x-ms-asf-plugin"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/aiff]
"Extensions.CommaSep" = "aif,aifc,aiff"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE25" = "video/x-mpeg2a"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".mpg" = ""
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"audio/wav" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/midi]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKU\.DEFAULT\Software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"Version" = "9,0,0,4503"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".rmi" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpe]
"Shell.AltVerb.Cmd" = "/prefetch:9 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wmv]
"Extensions.CommaSep" = "wmv"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jfif]
"ReplaceApps" = "*.*"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".m1v" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp3]
"Permissions" = "15"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"midi/mid" = "mid,midi,rmi"
[HKCR\ASXFile\DefaultIcon]
"(Default)" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wma]
"PerceivedType" = "audio"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mpegurl]
"CLSID" = "{cd3afa78-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jfif]
"Runtime" = "11"
[HKCR\SystemFileAssociations\.mpe\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKCR\MIME\Database\Content Type\application/x-ms-wmz]
"CLSID" = "{cd3afa71-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/midi]
"Extensions.SpaceSep" = ".mid .midi .rmi"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2v]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wax]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2]
"Shell.Open" = "/prefetch:9 /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.au]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2v]
"MediaType.Icon" = "quartz.dll,-103"
[HKU\.DEFAULT\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
"Version" = "9,0,0,4503"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\ASF]
"MIME Types" = "application/x-mplayer2 video/x-ms-asf video/x-ms-asf-plugin video/x-ms-wm video/x-ms-wmx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wav]
"Runtime" = "7"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m1v]
"Runtime" = "7"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\MIDI]
"DescriptionFriendlyName" = "@%WinDir%\inf\unregmp2.exe,-10011"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aiff]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mpeg]
"AlreadyRegistered" = "yes"
[HKCR\AVIFile\shell\play]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpeg]
"Extension.Handler" = "mpegfile"
[HKCR\ASFFile]
"EditFlags" = "00 00 01 00"
[HKCR\WMVFile\shell\open\DropTarget]
"CLSID" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\WAV]
"Description" = "Includes files with .wav extensions."
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asx]
"Extension.Handler" = "ASXFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-mpeg]
"Extensions.CommaSep" = "mpeg,mpg,mpe,mpv,m1v,mp2,mpa,mpv2,mp2v"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.rmi]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-asf]
"Extension.Key" = ".asx"
[HKCR\.wvx]
"(Default)" = "WVXFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.nsc]
"ReplaceApps" = "*.*"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m3u]
"MediaType.DescriptionID" = "9926"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m1v]
"MediaType.Description" = "Movie Clip"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmx]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.midi]
"AlreadyRegistered" = "yes"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"audio/x-wav" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wmx]
"Extensions.SpaceSep" = ".wmx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/avi]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKCR\ASXFile\shell\play]
"MUIVerb" = "@%SystemRoot%\inf\unregmp2.exe,-9991"
[HKCR\WMSFile\DefaultIcon]
"(Default)" = "%System%\wmploc.dll,-617"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wvx]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2]
"Extension.MIME" = "video/mpeg"
[HKCR\.avi]
"(Default)" = "avifile"
[HKCR\MIME\Database\Content Type\audio/x-mp3]
"Extension" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mid]
"Extensions.CommaSep" = "mid,midi,rmi"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asx]
"Extension.MIME" = "video/x-ms-asf"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.rmi]
"PerceivedType" = "audio"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\MPEG]
"Description" = "Includes files with .mpeg, .mpg, .mpe, .mv1, .mp2, .mpv2, .mp2v, and .mpa extensions."
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".wmx" = ""
[HKCR\SoundRec\DefaultIcon]
"(Default)" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2v]
"MediaType.Description" = "Movie Clip"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\AIFF]
"Description" = "Includes files with .aif, .aifc, and .aiff extensions."
[HKCR\mpegfile\shellex\ContextMenuHandlers\WMPAddToPlaylist]
"(Default)" = "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.snd]
"PerceivedType" = "audio"
[HKCR\MIME\Database\Content Type\video/msvideo]
"Extension" = ".avi"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m1v]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Protocols\mmsu]
"Icon" = "%Program Files%\Windows Media Player\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\AU]
"DescriptionFriendlyName" = "@%WinDir%\inf\unregmp2.exe,-10010"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aif]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp3]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\AU]
"MIME Types" = "audio/basic"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"audio/midi" = "mid,midi,rmi"
[HKLM\SOFTWARE\Microsoft\NetShow\Player\CodecMapper\ACM]
"116" = "116,98,6172"
[HKLM\SOFTWARE\Microsoft\NetShow\Player\CodecMapper\ACM]
"117" = "117,98"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/msvideo]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmv]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mpeg]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".wax" = ""
[HKCR\.mid]
"Content Type" = "audio/mid"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".wav" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpe]
"Shell.Open" = "/prefetch:9 /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2]
"SuperiorApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpe]
"Extension.Handler" = "mpegfile"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"video/x-ms-wvx" = "wvx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m1v]
"Extension.MIME" = "video/mpeg"
[HKCR\.snd]
"(Default)" = "AUFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.midi]
"Extension.MIME" = "audio/mid"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aif]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKCR\AUFile]
"(Default)" = "AU Format Sound"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asx]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wm]
"MPlayer2.Set" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Devices\DVD]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\application/x-mplayer2]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKCR\MIME\Database\Content Type\application/vnd.ms-wpl]
"CLSID" = "{cd3afa95-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mpg]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2]
"MediaType.Description" = "Movie Clip"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/aiff]
"Extension.Key" = ".aiff"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wvx]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|msdxm.ocx"
[HKCR\.wpl]
"Content Type" = "application/vnd.ms-wpl"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".snd" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mid]
"Runtime" = "7"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer]
"Player.Path" = "%Program Files%\Windows Media Player\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpeg]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx|mplay32.exe|mplayer.exe|iexplore.exe"
[HKCR\ASFFile\shell\play]
"MUIVerb" = "@%SystemRoot%\inf\unregmp2.exe,-9991"
[HKLM\SOFTWARE\Microsoft\MediaPlayer\Setup\Installed Versions]
"wmp.dll" = "00 00 09 00 97 11 00 00"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpa]
"MCIHandler" = "MPEGVideo"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".midi" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmd]
"MediaType.DescriptionID" = "9920"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mpegurl]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSWMDMHandler]
"CLSIDForCancel" = "{91778246-9BE4-4713-A651-E833B853CC30}"
[HKCR\m3ufile]
"(Default)" = "M3U file"
[HKCR\.wms]
"(Default)" = "WMSFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2v]
"Extension.Handler" = "mpegfile"
[HKCR\AIFFFile]
"EditFlags" = "00 00 01 00"
[HKCR\WMDFile\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /WMPackage:%L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wax]
"MediaType.Description" = "Windows Media Audio shortcut"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m3u]
"Shell.Open" = "/prefetch:6 /Open %L"
[HKCR\MIME\Database\Content Type\video/x-ms-wm]
"Extension" = ".wm"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.avi]
"Shell.Open" = "/prefetch:8 /Open %L"
[HKCR\WMVFile]
"EditFlags" = "00 00 01 00"
[HKCR\MIME\Database\Content Type\audio/basic]
"Extension" = ".au"
[HKCR\MIME\Database\Content Type\video/x-ms-wmx]
"Extension" = ".wmx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.midi]
"MediaType.DescriptionID" = "9907"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.png]
"PerceivedType" = "image"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\MIDI]
"Description" = "Includes files with .mid, .midi, and .rmi extensions."
[HKCR\ASXFile\shell]
"(Default)" = "play"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wax]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/x-ms-wmd]
"Extensions.SpaceSep" = ".wmd"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".mpeg" = ""
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE3" = "audio/midi"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE2" = "audio/mid"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE1" = "audio/basic"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpa]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.dvr-ms]
"Runtime" = "7"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE6" = "audio/mpegurl"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE5" = "audio/mpeg"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\CDA]
"(Default)" = "Music CD Playback"
[HKCR\SystemFileAssociations\.wmv\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE9" = "audio/x-aiff"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asf]
"ReplaceApps" = "mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mpeg]
"Extensions.SpaceSep" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2v]
"Extension.MIME" = "video/mpeg"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.rmi]
"MCIHandler" = "Sequencer"
[HKCR\m3ufile\shell\play]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp3]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\WMV]
"FriendlyTypeName" = "@%WinDir%\inf\unregmp2.exe,-10000"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpg]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpeg]
"Extension.MIME" = "video/mpeg"
[HKCR\SoundRec\shell\play]
"LegacyDisable" = ""
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE31" = "video/x-ms-wvx"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE30" = "video/x-ms-wmx"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"TYPE32" = "video/x-msvideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.snd]
"SuperiorApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aif]
"MediaType.Icon" = "quartz.dll,-202"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.rmi]
"Extension.Handler" = "midfile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aifc]
"SuperiorApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wav]
"MCIHandler" = "MPEGVideo"
[HKCR\CLSID\{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}\SupportedTypes]
".m3u" = ""
[HKCR\mpegfile]
"(Default)" = "Movie Clip"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".mid" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mpegurl]
"AlreadyRegistered" = "yes"
[HKCR\MIME\Database\Content Type\audio/mpeg]
"CLSID" = "{cd3afa76-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mpg]
"Extension.Key" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aifc]
"ReplaceApps" = "mplayer2.exe|amovie.ocx|iexplore.exe"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\ASF]
"Extensions" = ".asf .asx .dvr-ms .wpl .wm .wmx .wmd .wmz"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Devices\AudioCD]
"DefaultIcon" = "%System%\shell32.dll,40"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayDVDMovieOnArrival]
"InvokeVerb" = "play"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.dat]
"Permissions" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mpeg]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wpl]
"MPlayer2.Set" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/wav]
"CLSID" = "{cd3afa7b-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/mpeg]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mp3]
"Extensions.SpaceSep" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\MPEG]
"MIME Types" = "video/mpeg video/x-mpeg video/x-mpeg2a video/mpg"
[HKCR\MIME\Database\Content Type\video/x-ms-asf-plugin]
"Extension" = ".asx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wav]
"Extension.MIME" = "audio/wav"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".asf" = ""
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".asx" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mpegurl]
"Extension.Key" = ".m3u"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asf]
"MediaType.DescriptionID" = "9909"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "33 92 3A E7 6C D2 21 BD F0 BE 1F 96 3E 43 68 AB"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mid]
"MPlayer2.Set" = "yes"
[HKCR\SoundRec\shell\play\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Protocols\mms]
"Source Filter" = "{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
[HKCR\ASXFile\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/x-ms-wmz]
"Extensions.CommaSep" = "wmz"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Protocols\mmsu]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-mpeg]
"Extension.Key" = ".mpeg"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wav]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmv]
"SuperiorApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2v]
"Shell.Open" = "/prefetch:9 /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\MIDI]
"MIME Types" = "audio/mid audio/midi audio/x-mid audio/x-midi midi/mid"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asf]
"Shell.AltVerb.Cmd" = "/prefetch:7 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wms]
"Extension.Handler" = "WMSFile"
[HKCR\mp3file]
"EditFlags" = "00 00 01 00"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mpv2]
"MPlayer2.Set" = "yes"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".snd" = ""
[HKCR\WVXFile\shellex\ContextMenuHandlers\WMPPlayAsPlaylist]
"(Default)" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKCR\m3ufile\shell\play]
"MUIVerb" = "@%SystemRoot%\inf\unregmp2.exe,-9991"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.midi]
"MediaType.Description" = "MIDI Sequence"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmz]
"Extension.MIME" = "application/x-ms-wmz"
[HKCR\ASFFile\shell]
"(Default)" = "play"
[HKU\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings]
"Client ID" = "{544A98B0-71E1-4D29-A0C5-766DB6F329EE}"
[HKCR\Media Type\Extensions\.wmv]
"Animation" = "dxmasf.dll,150"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\WMA]
"Description" = "Includes files with .wma and .wax extensions."
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmv]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wav]
"Extension.Handler" = "soundrec"
[HKCR\SystemFileAssociations\.mpg\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpe]
"MediaType.Icon" = "quartz.dll,-103"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jpe]
"Permissions" = "1"
[HKCR\wmafile\shell]
"(Default)" = "play"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpa]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2]
"ReplaceApps" = "mplayer2.exe|amovie.ocx|mplay32.exe|mplayer.exe|iexplore.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.au]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mid]
"CLSID" = "{cd3afa74-b84f-48f0-9393-7edc34128127}"
[HKCR\MIME\Database\Content Type\audio/mp3]
"Extension" = ".mp3"
[HKCR\.wm]
"Content Type" = "video/x-ms-wm"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wvx]
"ReplaceApps" = "mplayer2.exe|msdxm.ocx"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"video/x-ms-asf-plugin" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKCR\MMS]
"Animation" = "dxmasf.dll,150"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\MP3]
"Extensions" = ".mp3 .m3u"
[HKCR\WPLFile\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmd]
"MediaType.Icon" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpg]
"MediaType.Description" = "Movie Clip"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpg]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx|mplay32.exe|mplayer.exe|iexplore.exe"
[HKCR\.mpa]
"Content Type" = "video/mpeg"
[HKCR\DVD\shell]
"(Default)" = "Play"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".snd" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.dvr-ms]
"MediaType.DescriptionID" = "9927"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mpg]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-wav]
"CLSID" = "{cd3afa7b-b84f-48f0-9393-7edc34128127}"
[HKCR\Media Type\Extensions\.m3u]
"Source Filter" = "{e436ebb5-524f-11ce-9f53-0020af0ba770}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/mpg]
"Extension.Key" = ".mpeg"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".mp2v" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/msvideo]
"Extension.Key" = ".avi"
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"(Default)" = "Microsoft Windows Media Player 6.4"
[HKCR\wmafile\DefaultIcon]
"(Default)" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mpegurl]
"Extensions.CommaSep" = "m3u"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpv2]
"PerceivedType" = "video"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp3]
"PerceivedType" = "audio"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m1v]
"Extension.Handler" = "mpegfile"
[HKCR\SystemFileAssociations\.wav\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp3]
"MCIHandler" = "MPEGVideo"
[HKCR\SystemFileAssociations\.aifc\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpeg]
"Extension.MIME" = "video/mpeg"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mid]
"Permissions" = "15"
[HKCR\WMVFile\shell\play\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /prefetch:7 /Play %L"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wmz]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKCR\ASXFile]
"EditFlags" = "00 00 01 00"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jfif]
"PerceivedType" = "image"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayDVDMovieOnArrival]
"DefaultIcon" = "%ProgramFiles%\Windows Media Player\wmplayer.exe,0"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpa]
"MediaType.Icon" = "quartz.dll,-103"
[HKLM\SOFTWARE\Microsoft\NetShow\Player\CodecMapper\ACM]
"105" = "105,98,117"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wma]
"MPlayer2.Set" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wma]
"Runtime" = "6"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpeg]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmv]
"Shell.AltVerb.Cmd" = "/prefetch:7 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wmx]
"Extension.Key" = ".wmx"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".m1v" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asx]
"MediaType.DescriptionID" = "9910"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.snd]
"ReplaceApps" = "mplayer2.exe|amovie.ocx|sndrec32.exe|mplay32.exe|mplayer.exe|iexplore.exe"
[HKCR\SystemFileAssociations\.wm\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/basic]
"Extension.Key" = ".au"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mpg]
"Extensions.SpaceSep" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.snd]
"Extension.MIME" = "audio/basic"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mpg]
"Extensions.CommaSep" = "mp3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPlayDVDMovieOnArrival]
"Provider" = "@wmploc.dll,-6502"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mid]
"CLSID" = "{cd3afa74-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jpe]
"PerceivedType" = "image"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jpeg]
"ReplaceApps" = "*.*"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mid]
"PerceivedType" = "audio"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mid]
"Extensions.SpaceSep" = ".mid .midi .rmi"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.snd]
"MPlayer2.Set" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\WMA]
"Extensions" = ".wma .wax"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wvx]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wm]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.rmi]
"Extension.MIME" = "audio/mid"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpv2]
"MediaType.DescriptionID" = "9902"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.avi]
"Shell.AltVerb.Cmd" = "/prefetch:8 /Play %L"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"video/avi" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wm]
"MediaType.DescriptionID" = "9909"
[HKCR\AVIFile\shellex\ContextMenuHandlers\WMPAddToPlaylist]
"(Default)" = "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2v]
"MediaType.DescriptionID" = "9902"
[HKCR\MIME\Database\Content Type\audio/x-aiff]
"CLSID" = "{cd3afa72-b84f-48f0-9393-7edc34128127}"
[HKCR\AIFFFile\DefaultIcon]
"(Default)" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKCR\SoundRec\shellex\ContextMenuHandlers\WMPPlayAsPlaylist]
"(Default)" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-mpeg]
"CLSID" = "{cd3afa89-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wvx]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.snd]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\AVI]
"Extensions" = ".avi"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m3u]
"MediaType.Description" = "M3U file"
[HKCR\.wmz]
"(Default)" = "WMZFile"
[HKCR\WMP.DVR-MSFile\shell\play\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /Play %L"
[HKCR\MIDFile\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKCR\ASXFile\shell\open]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpv2]
"Shell.Open" = "/prefetch:9 /Open %L"
[HKU\.DEFAULT\Software\Microsoft\MediaPlayer\Setup\CreatedLinks]
"Shortcut3" = "%Documents and Settings%\%current user%\Start Menu\Programs\Windows Media Player.lnk"
[HKU\.DEFAULT\Software\Microsoft\MediaPlayer\Setup\CreatedLinks]
"Shortcut2" = "%Documents and Settings%\%current user%\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk"
[HKCR\WMZFile\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /layout:%L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.bmp]
"PerceivedType" = "image"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.snd]
"Extension.Handler" = "AUFile"
[HKCR\WVXFile\shell\play]
"MUIVerb" = "@%SystemRoot%\inf\unregmp2.exe,-9991"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"video/msvideo" = "avi"
[HKCR\MIME\Database\Content Type\audio/x-wav]
"CLSID" = "{cd3afa7b-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpa]
"Extension.Handler" = "mpegfile"
[HKCR\WMVFile\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /prefetch:7 /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\ASF]
"Description" = "Includes files with .asf, .asx, .dvr-ms, .wpl, .wm, .wmx, .wmd, and .wmz extensions."
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayDVDMovieOnArrival]
"MSPlayDVDMovieOnArrival" = ""
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".wma" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp3]
"MediaType.Description" = "MP3 Format Sound"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".wmz" = ""
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".wmx" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Protocols\mms]
"Source Filter" = "{6B6D0800-9ADA-11d0-A520-00A0D10129C0}"
[HKCR\SystemFileAssociations\.au\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wma]
"SuperiorApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp3]
"SuperiorApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\WMA]
"(Default)" = "Windows Media Audio file (wma)"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wmx]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKCR\AIFFFile\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".snd" = ""
[HKCR\SystemFileAssociations\Directory.Video\shellex\ContextMenuHandlers\WMPPlayAsPlaylist]
"(Default)" = "{7D4734E6-047E-41e2-AEAA-E763B4739DC4}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wvx]
"CLSID" = "{cd3afa95-b84f-48f0-9393-7edc34128127}"
[HKCR\SoundRec\shell\open]
"(Default)" = "&Open"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\application/x-mplayer2]
"Extensions.CommaSep" = "asf,asx,wm,wmx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\AIFF]
"DescriptionFriendlyName" = "@%WinDir%\inf\unregmp2.exe,-10022"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-msvideo]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mid]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wax]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aif]
"Extension.MIME" = "audio/aiff"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mp3]
"Extensions.CommaSep" = "mp3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCR\CLSID\{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}\SupportedTypes]
".cda" = ""
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".avi" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aiff]
"MCIHandler" = "MPEGVideo"
[HKCR\MIME\Database\Content Type\midi/mid]
"CLSID" = "{cd3afa74-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2v]
"Permissions" = "15"
[HKCR\AVIFile\shell\open]
"(Default)" = "&Open"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2]
"PerceivedType" = "video"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.midi]
"PerceivedType" = "audio"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"audio/x-mid" = "mid,midi,rmi"
[HKCR\Applications\wmplayer.exe\SupportedTypes]
".cda" = ""
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"video/x-mpeg" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\DVD]
"RequiredFile" = "%System%\enable.dvd"
[HKCR\mp3file\shell\open\DropTarget]
"CLSID" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.nsc]
"Runtime" = "6"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-aiff]
"Extensions.SpaceSep" = ".aif .aifc .aiff"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival]
"MSPlayMediaOnArrival" = ""
[HKCR\MMS\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aif]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx|iexplore.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wm]
"Extensions.SpaceSep" = ".asf .asx .wm .wmx"
[HKCR\WMP.DVR-MSFile\shellex\ContextMenuHandlers\WMPPlayAsPlaylist]
"(Default)" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wm]
"Extension.MIME" = "video/x-ms-wm"
[HKCR\wmafile]
"(Default)" = "Windows Media Audio file"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpe]
"Permissions" = "15"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.au]
"ReplaceApps" = "mplayer2.exe|amovie.ocx|sndrec32.exe|mplay32.exe|mplayer.exe|iexplore.exe"
[HKCR\Applications\mplayer2.exe\SupportedTypes]
".aiff" = ""
[HKCR\HTTP\AnimExtensions]
".wax" = "dxmasf.dll,150"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-ms-wax]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"video/x-msvideo" = "avi"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mp2]
"MPlayer2.Set" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mpeg]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKCR\.aif]
"(Default)" = "AIFFFile"
[HKCR\AVIFile\shell\open]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mid]
"MediaType.DescriptionID" = "9907"
[HKCR\MIME\Database\Content Type\application/vnd.ms-wpl]
"Extension" = ".wpl"
[HKCR\m3ufile\shell\open\DropTarget]
"CLSID" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKCR\WMP.DVR-MSFile\DefaultIcon]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mp3]
"AlreadyRegistered" = "yes"
[HKCR\SystemFileAssociations\.wax\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpv2]
"MCIHandler" = "MPEGVideo"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-msvideo]
"ReplaceApps" = "mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmx]
"Runtime" = "3"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wpl]
"AlreadyRegistered" = "yes"
[HKCR\ASXFile\shell\play\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asx]
"Extension.MIME" = "video/x-ms-asf"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asf]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|msdxm.ocx"
[HKCR\MIME\Database\Content Type\audio/x-ms-wax]
"CLSID" = "{cd3afa83-b84f-48f0-9393-7edc34128127}"
[HKCR\MIDFile\DefaultIcon]
"(Default)" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe,-120"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-aiff]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.cda]
"ReplaceApps" = "wmplayer.exe|sndrec32.exe|mplay32.exe|mplayer.exe|cdplayer.exe|deluxecd.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-msvideo]
"Extensions.CommaSep" = "avi"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wm]
"MediaType.DescriptionID" = "9909"
[HKCR\WMDFile\shell\open]
"(Default)" = "&Open"
[HKCR\WPLFile\shell]
"(Default)" = "play"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\DVD]
"Description" = "DVD Video playback."
[HKCR\AIFFFile\shell\open]
"LegacyDisable" = ""
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp3]
"Extension.MIME" = "audio/mpeg"
[HKCR\.wma]
"Content Type" = "audio/x-ms-wma"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wmd]
"MPlayer2.Set" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmd]
"Extension.Handler" = "WMDFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.rmi]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx|sndrec32.exe|mplay32.exe|mplayer.exe|iexplore.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-asf]
"CLSID" = "{cd3afa8f-b84f-48f0-9393-7edc34128127}"
[HKCR\SystemFileAssociations\.rmi\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wmv]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-mpeg]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKCR\wmafile\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-midi]
"Extension.Key" = ".mid"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.wmd]
"(Default)" = "clsid:05589fa1-c356-11ce-bf01-00aa0055595a"
[HKCR\ASXFile\shell\open\DropTarget]
"CLSID" = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/x-mplayer2]
"CLSID" = "{cd3afa8f-b84f-48f0-9393-7edc34128127}"
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"Version" = "9,0,0,4503"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mid]
"Extension.Handler" = "midfile"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-ms-wax]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-midi]
"Extensions.SpaceSep" = ".mid .midi .rmi"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"midi/mid" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKCR\mpegfile\shell]
"(Default)" = "play"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wax]
"SuperiorApps" = "wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wm]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|amovie.ocx"
[HKCR\WMP.DVR-MSFile\shell]
"(Default)" = "play"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mpg]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mid]
"ReplaceApps" = "mplayer2.exe|amovie.ocx|sndrec32.exe|mplay32.exe|mplayer.exe|iexplore.exe"
[HKCR\SystemFileAssociations\.mid\shellex\ContextMenuHandlers\WMPBurnAudioCD]
"(Default)" = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmd]
"Shell.Open" = "/WMPackage:%L"
[HKCR\.midi]
"(Default)" = "midfile"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"audio/x-wav" = "wav"
[HKCR\.rmi]
"Content Type" = "audio/mid"
[HKCR\Media Type\Extensions\.dvr-ms]
"SubType" = "{e06d8023-db46-11cf-b4d1-00805f6cbbea}"
[HKCR\.m3u]
"(Default)" = "m3ufile"
[HKCR\m3ufile\shell\open\command]
"(Default)" = "%Program Files%\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}" = "Windows Media Player Add to Playlist Context Menu Handler"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mid]
"MCIHandler" = "Sequencer"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"audio/midi" = "C:\PROGRA~1\WINDOW~2\wmplayer.exe"
[HKCR\mpegfile]
"EditFlags" = "00 00 01 00"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmv]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m3u]
"Shell.AltVerb.Cmd" = "/prefetch:6 /Play %L"
[HKCR\AUFile]
"PreferExecuteOnMismatch" = "1"
[HKCR\ASFFile\shellex\ContextMenuHandlers\WMPAddToPlaylist]
"(Default)" = "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/wav]
"Extensions.CommaSep" = "wav"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpe]
"Shell.Open" = "/prefetch:9 /Open %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wmx]
"CLSID" = "{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"
[HKCR\WVXFile\shell\play]
"(Default)" = "&Play"
[HKCR\MIME\Database\Content Type\application/x-ms-wmd]
"Extension" = ".wmd"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-mpeg]
"Extension.Key" = ".mpeg"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wms]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.aifc]
"MPlayer2.Set" = "yes"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}" = "Windows Media Player Burn Audio CD Context Menu Handler"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aif]
"Extension.Handler" = "AIFFFile"
[HKCR\MIDFile\shellex\ContextMenuHandlers\WMPAddToPlaylist]
"(Default)" = "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mpeg]
"CLSID" = "{cd3afa76-b84f-48f0-9393-7edc34128127}"
[HKCR\cdafile\shell\play]
"MUIVerb" = "@%SystemRoot%\inf\unregmp2.exe,-9991"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-aiff]
"Extension.Key" = ".aiff"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wmv]
"Extensions.CommaSep" = "wmv"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\midi/mid]
"Extension.Key" = ".mid"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/x-ms-wmz]
"Extensions.SpaceSep" = ".wmz"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mp3]
"Extensions.SpaceSep" = ".mp3"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/midi]
"Extensions.SpaceSep" = ".mid .midi .rmi"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\CDA]
"Extensions" = ".cda"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aifc]
"PerceivedType" = "audio"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2v]
"Runtime" = "7"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wvx]
"Runtime" = "3"
[HKCR\DVD\DefaultIcon]
"(Default)" = "shell32.dll,40"
[HKCR\mpegfile]
"PreferExecuteOnMismatch" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wma]
"ReplaceApps" = "wmplayer.exe|mplayer2.exe|msdxm.ocx"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m3u]
"Extension.Handler" = "m3ufile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\midi/mid]
"Extensions.SpaceSep" = ".mid .midi .rmi"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jpg]
"Permissions" = "1"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Protocols\msbd]
"AlreadyRegistered" = "yes"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpeg]
"Shell.AltVerb.Cmd" = "/prefetch:9 /Play %L"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jpeg]
"PerceivedType" = "image"
The Trojan deletes the following registry key(s):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2]
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\unknown]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.png]
"Extension.MIME"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m3u]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wmx]
"RequiredFile"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"application/x-ms-wmz"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jfif]
"Extension.MIME"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/midi]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Protocols\mmst]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-mpeg]
"RequiredFile"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"application/x-ms-wmd"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.nsc]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/wav]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aifc]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Protocols\mms]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmv]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\application/x-mplayer2]
"RequiredFile"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{6B6D0800-9ADA-11D0-A520-00A0D10129C0}]
"(Default)"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MCI32]
"MPEGVideo2"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB86-524F-11CE-9F53-0020AF0BA770}]
"(Default)"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{6B6D0801-9ADA-11D0-A520-00A0D10129C0}]
"(Default)"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/midi]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.m1v]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\ASF]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-aiff]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mp3]
"RequiredFile"
[HKCR\WMSFile]
"EditFlags"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wax]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jpeg]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mp3]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.swf]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wvx]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mid]
"RequiredFile"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{640999A1-A946-11d0-A520-000000000000}]
"(Default)"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mpg]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wm]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-ms-wax]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wmv]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/mpeg]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/x-ms-wmd]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wav]
"RequiredFile"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB88-524F-11CE-9F53-0020AF0BA770}]
"(Default)"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mpg]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wm]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-asf]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpv2]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mpegurl]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/mpeg]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mid]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Devices\AudioCD]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-aiff]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.gif]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wav]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-wav]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.swf]
"Extension.MIME"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wpl]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-midi]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/avi]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpeg]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmz]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mpeg]
"RequiredFile"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"video/x-ivf"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jpe]
"Extension.MIME"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Protocols\mmsu]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmd]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\MP3]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpa]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.snd]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/aiff]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jpeg]
"Extension.MIME"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.snd]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wvx]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.midi]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.bmp]
"Extension.MIME"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\AVI]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Protocols\mms]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/mpg]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mpegurl]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.midi]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-msvideo]
"RequiredFile"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"video/x-ivf"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\User Trusted External Applications\""%Program Files%\Windows Media Player]
"wmplayer.exe"""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m1v]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.cda]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpv2]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\WMV]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-mpeg2a]
"RequiredFile"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}]
"(Default)"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-ms-wma]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\MPEG]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.dat]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-wav]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpg]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-mpeg]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp3]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.voxacm150"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\midi/mid]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mpg]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-mpeg2a]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\midi/mid]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmv]
"RequiredFile"
[HKCR\WMDFile\shell\open]
"LegacyDisable"
[HKCR\WMZFile\shell\open]
"LegacyDisable"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.avi]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.avi]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2v]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\WAV]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\AU]
"RequiredFile"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\User Trusted External Applications\%Program Files%\Windows Media Player]
"wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\AU]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.gif]
"Extension.MIME"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB85-524F-11CE-9F53-0020AF0BA770}]
"(Default)"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Protocols\mmsu]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\WMV]
"RequiredFile"
[HKCR\cdafile\shell\open]
"LegacyDisable"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wmx]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wax]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Devices\DVD]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3codec"
[HKCR\WMSFile\shell\open]
"LegacyDisable"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.au]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mid]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jfif]
"RequiredFile"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB89-524F-11CE-9F53-0020AF0BA770}]
"(Default)"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.m3u]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mpeg]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\MIDI]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-mid]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asf]
"RequiredFile"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{7364696D-0000-0010-8000-00AA00389B71}]
"(Default)"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-midi]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asf]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wm]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aiff]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/basic]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\AIFF]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpg]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.rmi]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mpegurl]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wm]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/basic]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aif]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/aiff]
"RequiredFile"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8D-524F-11CE-9F53-0020AF0BA770}]
"(Default)"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.rmi]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mpeg]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/x-mplayer2]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wma]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wvx]
"RequiredFile"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"application/x-mplayer2"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\ASF]
"RequiredFile"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"application/x-mplayer2"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aifc]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mid]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.asx]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mpg]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/msvideo]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\MP3]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22D6F312-B0F6-11D0-94AB-0080C74C7E95}]
"Compatibility Flags"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\AIFF]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-wmx]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wms]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mp3]
"RequiredFile"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11d0-A520-00A0D10129C0]
"(Default)"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{640999A2-A946-11d0-A520-000000000000}]
"(Default)"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-asf]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/wav]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpe]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wvx]
"RequiredFile"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8B-524F-11CE-9F53-0020AF0BA770}]
"(Default)"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wma]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-ms-wax]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.aiff]
"RequiredFile"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"application/x-ms-wmz"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.wms]
"Extension.MIME"
[HKCR\.cda]
"PerceivedType"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/x-ms-wma]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.cda]
"Extension.MIME"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/vnd.ms-wpl]
"RequiredFile"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{D51BD5AE-7548-11cf-A520-0080C77EF58A}]
"(Default)"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-msvideo]
"RequiredFile"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{640999A0-A946-11d0-A520-000000000000}]
"(Default)"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jpe]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\WAV]
"RequiredFile"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB8C-524F-11CE-9F53-0020AF0BA770}]
"(Default)"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{D51BD5A3-7548-11CF-A520-0080C77EF58A}]
"(Default)"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\application/x-ms-wmz]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-wmv]
"RequiredFile"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\User Trusted External Applications\C:\PROGRA~1\WINDOW~2]
"wmplayer.exe"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\MPEG]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.bmp]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/msvideo]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp3]
"RequiredFile"
[HKCR\cdafile\shell\play]
"LegacyDisable"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.wmx]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mid]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.nsc]
"Extension.MIME"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.asx]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.voxacm"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jpg]
"Extension.MIME"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"application/vnd.ms-wpl"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/avi]
"RequiredFile"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\User Trusted External Applications\""C:\PROGRA~1\WINDOW~2]
"wmplayer.exe"""
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mp2]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\MIDI]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Protocols\mmst]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mp2v]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.dat]
"Extension.MIME"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Protocols\msbd]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpe]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/x-ms-asf-plugin]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\WMA]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Audio\CDA]
"RequiredFile"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB84-524F-11CE-9F53-0020AF0BA770}]
"(Default)"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mpeg]
"RequiredFile"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB87-524F-11CE-9F53-0020AF0BA770}]
"(Default)"
[HKCR\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E06D8022-DB46-11CF-B4D1-00805F6CBBEA}]
"(Default)"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.aif]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-ms-asf-plugin]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.au]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/mp3]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\audio/mpegurl]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.png]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Protocols\msbd]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.jpg]
"RequiredFile"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers]
"application/x-ms-wmd"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Extensions\.mpa]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\MIME Types\video/mpg]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-mpeg]
"RequiredFile"
[HKU\.DEFAULT\Software\Netscape\Netscape Navigator\Suffixes]
"application/vnd.ms-wpl"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Video\AVI]
"RequiredFile"
[HKLM\SOFTWARE\Microsoft\Multimedia\MPlayer2\Groups\Audio\WMA]
"RequiredFile"
The process mscorsvw.exe:1912 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\State]
"AccumulatedWaitIdleTime" = "1260000"
The process Baidusd_OnlineSetup_sid_30016.exe:1504 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 0F 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6E CA D4 1E 54 63 CD 2C 6E 7E 99 C1 8C C0 88 03"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
Proxy settings are disabled:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
The process mumu.exe:3136 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "13 57 6B 31 C6 12 F4 3B DD E5 1D DB 4F 9A DC 76"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 0C 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
Proxy settings are disabled:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
The process taskkill.exe:2316 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D4 1F 60 DD 1C A6 B0 DE D3 67 9A 28 2E CF 1E D8"
The process uuu.exe:260 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "57 79 89 5B 88 3E 1C EE 11 C3 48 6D 4E F3 3A 9F"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The process Install-NO£º1.exe:2224 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "80 2A 81 48 85 52 06 A5 1D 19 BB 00 EC B7 4D 4F"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 08 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
Proxy settings are disabled:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
The process V24.exe:1360 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EE 27 92 F6 8A B9 8B 93 57 EF 6B 2F 14 D7 D8 BF"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontDPI]
"LogDpis" = "20121218"
The process x10.exe:576 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\International\CpMRU]
"InitHits" = "100"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 06 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1372428864"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013062820130629]
"CachePrefix" = ":2013062820130629:"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013062820130629]
"CacheOptions" = "11"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "x10.exe"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013062820130629]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012013062820130629\"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\International\CpMRU]
"Size" = "10"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\International\CpMRU]
"Enable" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013062820130629]
"CacheLimit" = "8192"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "61 16 0A A8 83 FF 0E 93 E4 A7 8B D5 A9 D0 3B 2B"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\International\CpMRU]
"Factor" = "20"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013062820130629]
"CacheRepair" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
Proxy settings are disabled:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan deletes the following registry key(s):
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013021120130212]
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
The process lf_tgy.exe:1776 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 0E 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EB 07 CB B4 E1 8D 63 3F BE C7 63 F0 B7 52 6C B9"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
Proxy settings are disabled:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
The process regsvr32.exe:2596 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Size #5" = "Type: REG_QWORD, Length: 8"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Size #4" = "Type: REG_QWORD, Length: 8"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Size #7" = "Type: REG_QWORD, Length: 8"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Size #6" = "Type: REG_QWORD, Length: 8"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Size #1" = "Type: REG_QWORD, Length: 8"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Size #0" = "Type: REG_QWORD, Length: 8"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Size #3" = "Type: REG_QWORD, Length: 8"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Size #2" = "Type: REG_QWORD, Length: 8"
[HKU\.DEFAULT\Control Panel\Cursors]
"Scheme Source" = "2"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Size #8" = "Type: REG_QWORD, Length: 8"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\RestoreDown\.Current]
"(Default)" = ""
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #15" = "13160660"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #14" = "16777215"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #17" = "8421504"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #16" = "8421504"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\DefaultVisualStyleOff]
"InstallVisualStyleSize" = "Normal"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\DefaultVisualStyleOff]
"InstallVisualStyleColor" = "Windows Standard"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #12" = "8421504"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon]
"Empty" = "%SystemRoot%\System32\shell32.dll,31"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes]
"InstallTheme" = "%ResourceDir%\themes\Luna.theme"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #18" = "0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes]
"InstallVisualStyle" = "%ResourceDir%\themes\Luna\Luna.msstyles"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"DllName" = "%SystemRoot%\resources\Themes\luna\luna.msstyles"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"SizeName" = "NormalSize"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Contrast" = "0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\DefaultVisualStyleOn]
"InstallVisualStyleSize" = "NormalSize"
[HKU\.DEFAULT\Control Panel\Colors]
"HotTrackingColor" = "0 0 128"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #0" = "13160660"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\SystemHand\.Current]
"(Default)" = "%SystemRoot%\media\Windows XP Critical Stop.wav"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #2" = "6956042"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #3" = "8421504"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #4" = "13160660"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #5" = "16777215"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #6" = "0"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #7" = "0"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #8" = "0"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #9" = "16777215"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"LastUserLangID" = "1033"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\MenuPopup\.Current]
"(Default)" = ""
[HKU\.DEFAULT\Control Panel\Colors]
"ActiveBorder" = "212 208 200"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\WindowsLogon\.Current]
"(Default)" = "%SystemRoot%\media\Windows XP Logon Sound.wav"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #30" = "14215660"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\LastTheme]
"DisplayName of Modified" = ""
[HKU\.DEFAULT\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\.Current]
"(Default)" = "%SystemRoot%\media\Windows XP Recycle.wav"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Control Panel\Colors]
"GradientInactiveTitle" = "157 185 235"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Size #1" = "Type: REG_QWORD, Length: 8"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Desktop\General]
"WallpaperStyle" = "2"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@themeui.dll,-2043" = "Windows default"
[HKU\.DEFAULT\Control Panel\Colors]
"HilightText" = "255 255 255"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\AppGPFault\.Current]
"(Default)" = ""
[HKU\.DEFAULT\Control Panel\Desktop\WindowMetrics]
"AppliedDPI" = "96"
[HKU\.DEFAULT\Control Panel\Desktop]
"SCRNSAVE.EXE" = "%WinDir%\System32\logon.scr"
[HKU\.DEFAULT\Control Panel\Colors]
"ButtonDkShadow" = "113 111 100"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon]
"Full" = "%SystemRoot%\System32\shell32.dll,32"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@themeui.dll,-883" = "Windows Standard"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #11" = "13160660"
[HKU\.DEFAULT\Control Panel\Cursors]
"(Default)" = "Windows default"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #10" = "13160660"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #9" = "16777215"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #13" = "6956042"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"LoadedBefore" = "1"
[HKU\.DEFAULT\Software\Microsoft\Plus!\Themes\Apply]
"Mouse pointers" = "1"
[HKU\.DEFAULT\Control Panel\Colors]
"ButtonHilight" = "255 255 255"
[HKU\.DEFAULT\Control Panel\Appearance]
"Current" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes]
"SetupVersion" = "7"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\WindowsLogoff\.Current]
"(Default)" = "%SystemRoot%\media\Windows XP Logoff Sound.wav"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #22" = "13160660"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #21" = "4210752"
[HKU\.DEFAULT\Software\Microsoft\Plus!\Themes\Apply]
"Font and window sizes" = "1"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #27" = "15780518"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #26" = "8388608"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #25" = "11908533"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #24" = "14811135"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\.Default\.Current]
"(Default)" = "%SystemRoot%\media\Windows XP Ding.wav"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #29" = "12937777"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #28" = "12632256"
[HKU\.DEFAULT\Control Panel\Colors]
"ButtonLight" = "241 239 226"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"LangID" = "09 04"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\DefaultVisualStyleOn]
"InstallVisualStyle" = "%ResourceDir%\themes\Luna\Luna.msstyles"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlMinorVersion" = "5"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Font #5" = "F5 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Desktop\General]
"BackupWallpaper" = "%SystemRoot%\web\wallpaper\Bliss.bmp"
[HKU\.DEFAULT\Control Panel\Colors]
"MenuHilight" = "49 106 197"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\Open\.Current]
"(Default)" = ""
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #19" = "13160660"
[HKU\.DEFAULT\Control Panel\Colors]
"TitleText" = "255 255 255"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\.Current]
"(Default)" = "%SystemRoot%\media\Windows XP Battery Low.wav"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"ColorName" = "NormalColor"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@themeui.dll,-2036" = "%WinDir%web\wallpaper\Bliss.bmp"
[HKU\.DEFAULT\Software\Microsoft\Plus!\Themes\Current]
"(Default)" = "%SystemRoot%\resources\themes\Luna.theme"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\Maximize\.Current]
"(Default)" = ""
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\MailBeep\.Current]
"(Default)" = "%SystemRoot%\media\Windows XP Notify.wav"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\Explorer\Navigating\.Current]
"(Default)" = "%SystemRoot%\media\Windows XP Start.wav"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #1" = "0"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #0" = "13160660"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #3" = "8421504"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #2" = "6956042"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #5" = "16777215"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #4" = "13160660"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #7" = "0"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #6" = "0"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #30" = "14215660"
[HKU\.DEFAULT\Control Panel\Colors]
"Background" = "0 78 152"
[HKU\.DEFAULT\Control Panel\Desktop\WindowMetrics]
"Shell Icon Size" = "32"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2D EE 40 50 8F E6 0C D4 C5 AB E5 CD 52 2B AB F8"
[HKU\.DEFAULT\Control Panel\Colors]
"WindowFrame" = "0 0 0"
[HKU\.DEFAULT\Control Panel\Colors]
"ActiveTitle" = "0 84 227"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Plus!\Themes\Apply]
"Screen saver" = "1"
[HKU\.DEFAULT\Control Panel\Colors]
"ButtonShadow" = "172 168 153"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\MenuCommand\.Current]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon]
"(Default)" = "%SystemRoot%\System32\shell32.dll,31"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Flat Menus" = "0"
[HKU\.DEFAULT\Control Panel\Desktop]
"TileWallpaper" = "0"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Desktop\General]
"WallpaperLocalFileTime" = "0A AF A6 0D 6A 08 CE 01"
[HKU\.DEFAULT\Control Panel\Colors]
"Hilight" = "49 106 197"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #24" = "14811135"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Desktop\General]
"TileWallpaper" = "0"
[HKU\.DEFAULT\Control Panel\Colors]
"MenuBar" = "236 233 216"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Desktop\Components]
"Settings" = "0"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Font #1" = "F5 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"ThemeActive" = "1"
[HKU\.DEFAULT\Control Panel\Appearance]
"NewCurrent" = ""
[HKU\.DEFAULT\Control Panel\Colors]
"Window" = "255 255 255"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@themeui.dll,-2019" = "Normal"
[HKU\.DEFAULT\Control Panel\Colors]
"Scrollbar" = "212 208 200"
[HKU\.DEFAULT\Control Panel\Colors]
"InfoWindow" = "255 255 225"
[HKU\.DEFAULT\Control Panel\Colors]
"GradientActiveTitle" = "61 149 255"
[HKU\.DEFAULT\Control Panel\Colors]
"InactiveTitleText" = "216 228 248"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #8" = "0"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\SystemExclamation\.Current]
"(Default)" = "%SystemRoot%\media\Windows XP Exclamation.wav"
[HKU\.DEFAULT\Software\Microsoft\Plus!\Themes\Apply]
"Rotate theme monthly" = "1"
[HKU\.DEFAULT\Software\Microsoft\Plus!\Themes\Apply]
"Colors" = "1"
[HKU\.DEFAULT\AppEvents\Schemes]
"(Default)" = ".current"
[HKU\.DEFAULT\Control Panel\Colors]
"ButtonAlternateFace" = "181 181 181"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #1" = "0"
[HKU\.DEFAULT\Control Panel\Colors]
"InactiveTitle" = "122 150 223"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Flat Menus" = "0"
[HKU\.DEFAULT\Control Panel\Colors]
"GrayText" = "172 168 153"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\DefaultIcon]
"(Default)" = "%SystemRoot%\SYSTEM32\mydocs.dll,0"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Desktop\General]
"WallpaperFileTime" = "0A 77 59 E8 50 08 CE 01"
[HKU\.DEFAULT\Control Panel\Appearance]
"CustomColors" = "FF FF FF 00 FF FF FF 00 FF FF FF 00 FF FF FF 00"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Desktop\General]
"Wallpaper" = "%SystemRoot%\web\wallpaper\Bliss.bmp"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #23" = "0"
[HKU\.DEFAULT\Control Panel\Colors]
"MenuText" = "0 0 0"
[HKU\.DEFAULT\Software\Microsoft\Plus!\Themes\Apply]
"Desktop wallpaper" = "1"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\PrintComplete\.Current]
"(Default)" = ""
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Font #4" = "F5 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\SystemNotification\.Current]
"(Default)" = "%SystemRoot%\media\Windows XP Balloon.wav"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #20" = "16777215"
[HKU\.DEFAULT\Control Panel\Colors]
"ButtonText" = "0 0 0"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\.Current]
"(Default)" = "%SystemRoot%\media\Windows XP Hardware Remove.wav"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\SystemAsterisk\.Current]
"(Default)" = "%SystemRoot%\media\Windows XP Error.wav"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Font #2" = "F5 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00"
[HKU\.DEFAULT\Control Panel\Colors]
"InfoText" = "0 0 0"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Font #3" = "F5 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\DefaultVisualStyleOn]
"InstallVisualStyleColor" = "NormalColor"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Font #0" = "F5 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00"
[HKU\.DEFAULT\Control Panel\Colors]
"InactiveBorder" = "212 208 200"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Font #1" = "F5 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Font #0" = "F5 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Font #3" = "F5 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Font #2" = "F5 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Font #5" = "F5 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Font #4" = "F5 FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00"
[HKU\.DEFAULT\Control Panel\Colors]
"WindowText" = "0 0 0"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\SystemStart\.Current]
"(Default)" = "%SystemRoot%\media\Windows XP Startup.wav"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes]
"InstallVisualStyleSize" = "NormalSize"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #18" = "0"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\DeviceFail\.Current]
"(Default)" = "%SystemRoot%\media\Windows XP Hardware Fail.wav"
[HKU\.DEFAULT\Control Panel\Desktop]
"WallpaperStyle" = "2"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\RestoreUp\.Current]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Plus!\Themes\Apply]
"Font names and styles" = "1"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #12" = "8421504"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #13" = "6956042"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\LastTheme]
"Wallpaper" = "%SystemRoot%\web\wallpaper\Bliss.bmp"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #11" = "13160660"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #16" = "8421504"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #17" = "8421504"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #14" = "16777215"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #15" = "13160660"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Size #8" = "Type: REG_QWORD, Length: 8"
[HKU\.DEFAULT\Control Panel\Colors]
"Menu" = "255 255 255"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Size #2" = "Type: REG_QWORD, Length: 8"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Size #3" = "Type: REG_QWORD, Length: 8"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Size #0" = "Type: REG_QWORD, Length: 8"
[HKU\.DEFAULT\Software\Microsoft\Plus!\Themes\Apply]
"Icons" = "1"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Size #6" = "Type: REG_QWORD, Length: 8"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Size #7" = "Type: REG_QWORD, Length: 8"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Size #4" = "Type: REG_QWORD, Length: 8"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Size #5" = "Type: REG_QWORD, Length: 8"
[HKU\.DEFAULT\Control Panel\Colors]
"ButtonFace" = "236 233 216"
[HKU\.DEFAULT\Control Panel\Colors]
"AppWorkspace" = "128 128 128"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\DefaultVisualStyleOff]
"InstallVisualStyle" = ""
[HKU\.DEFAULT\Software\Microsoft\Plus!\Themes\Apply]
"Sound events" = "1"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #19" = "13160660"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #28" = "12632256"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #29" = "12937777"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\SystemQuestion\.Current]
"(Default)" = ""
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #25" = "11908533"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #26" = "8388608"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #27" = "15780518"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #20" = "16777215"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #21" = "4210752"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #22" = "13160660"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Color #23" = "0"
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Desktop\Components]
"GeneralFlags" = "0"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\Close\.Current]
"(Default)" = ""
[HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion" = "272"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\DeviceConnect\.Current]
"(Default)" = "%SystemRoot%\media\Windows XP Hardware Insert.wav"
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0]
"Contrast" = "0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\LastTheme]
"ThemeFile" = "%SystemRoot%\resources\themes\Luna.theme"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\SystemExit\.Current]
"(Default)" = "%SystemRoot%\media\Windows XP Shutdown.wav"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes]
"InstallVisualStyleColor" = "NormalColor"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\Minimize\.Current]
"(Default)" = ""
[HKU\.DEFAULT\Control Panel\Appearance\New Schemes\Current Settings SaveNoVisualStyle\Sizes\0]
"Color #10" = "13160660"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\RestoreDown\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\WindowsLogoff\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\SystemStart\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\.Default\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\DeviceFail\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\RestoreUp\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\Open\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\SystemHand\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\Maximize\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\SystemExclamation\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\MailBeep\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\Explorer\Navigating\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\MenuPopup\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\SystemExit\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\WindowsLogon\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\MenuCommand\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\SystemQuestion\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\Close\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\PrintComplete\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\DeviceConnect\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\AppGPFault\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\SystemNotification\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\SystemAsterisk\.Current]
"(Default)"
[HKU\.DEFAULT\AppEvents\Schemes\Apps\.Default\Minimize\.Current]
"(Default)"
The process regsvr32.exe:2896 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewAlphaSelect]
"DefaultApplied" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\FontSmoothing]
"DefaultApplied" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\TooltipAnimation]
"DefaultApplied" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp2res.dll,-6100" = "Show Desktop"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\FontSmoothing]
"DefaultValue" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DropShadow]
"DefaultApplied" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%System%]
"SHELL32.dll,-9227" = "My Documents"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ListviewAlphaSelect" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"SendTo" = "%Documents and Settings%\%current user%\SendTo"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ComboBoxAnimation]
"DefaultApplied" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\WebView]
"DefaultApplied" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Recent" = "%Documents and Settings%\%current user%\Recent"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\AnimateMinMax]
"DefaultApplied" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewShadow]
"DefaultValue" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewWatermark]
"DefaultValue" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\SelectionFade]
"DefaultApplied" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\TaskbarAnimations]
"DefaultValue" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\MenuAnimation]
"DefaultValue" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewShadow]
"DefaultApplied" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\CursorShadow]
"DefaultApplied" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListBoxSmoothScrolling]
"DefaultApplied" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DragFullWindows]
"DefaultApplied" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DropShadow]
"DefaultValue" = "1"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "36 D7 3F 92 5B C9 BB 9F B0 66 33 BD D1 D7 0D D2"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
[HKU\.DEFAULT\Software\Microsoft\FTP]
"Use PASV" = "yes"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DocFolderPaths]
"SYSTEM" = "%Documents and Settings%\%current user%\My Documents"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\SelectionFade]
"DefaultValue" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\TaskbarAnimations]
"DefaultApplied" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\TooltipAnimation]
"DefaultValue" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ListviewShadow" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ListviewWatermark" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@shell32.dll,-12693" = "Favorites"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\MenuAnimation]
"DefaultApplied" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@shell32.dll,-12691" = "My Recent Documents"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarAnimations" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewWatermark]
"DefaultApplied" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewAlphaSelect]
"DefaultValue" = "1"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@themeui.dll,-2043"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@themeui.dll,-2019"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp1res.dll,-11001"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"shmgrate.exe"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp1res.dll,-11003"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp1res.dll,-11004"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp2res.dll,-6100"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%SystemRoot%\system32]
"shell32.dll,-22017"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@themeui.dll,-2036"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@themeui.dll,-883"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@shell32.dll,-12691"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"LangID"
[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@shell32.dll,-12693"
The process client.exe:1408 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D5 A3 13 86 77 08 CA 9B 3A 4B 14 76 3F C3 37 9A"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"
The process xiaohua100.exe:2308 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 09 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache]
"Signature" = "Client UrlCache MMF Ver 5.2"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C9 DF 1C 73 14 8A 6E 0D 86 2A 9B 81 EB DC 54 04"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache]
"Signature" = "Client UrlCache MMF Ver 5.2"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
Proxy settings are disabled:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
The process 564da31e078bcf76ee12aa77cc11777d.exe:920 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D2 25 67 F2 98 C6 A3 F7 C4 3A FD 42 72 C1 A9 D7"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
The process NjqffhnBtu.EXE:1156 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B3 98 53 9B 02 56 97 84 04 07 CF 7A A9 C8 1B AC"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ktt30404" = "%Documents and Settings%\All Users\Application Data\DownloadSave\NjqffhnBtu.EXE"
The process QypdkquFqy.EXE:192 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "20 89 D0 78 69 C7 4A 2A 76 94 56 C4 E6 AB EF C8"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%System%\services.exe.bzxck,"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Fonts" = "%WinDir%\Fonts"
The process Cfomwcktv_NET.exe:4076 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "54 32 EF 71 52 00 8D 26 0F 93 E8 A4 1A 59 58 A8"
[HKLM\System\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ip]
"DLLPath" = "C:\1562500.dll"
The process Rundll32.exe:2656 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EC AA C5 E6 79 56 FC DD 80 69 3A 04 AF 11 A3 23"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"2004" = "0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"2004" = "0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"2004" = "0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"2007" = "65536"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"2007" = "65536"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"2001" = "0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"2001" = "0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"2007" = "3"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"2004" = "0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"2007" = "65536"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"2001" = "0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"2001" = "0"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"2001" = "3"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"2007" = "3"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"2004" = "3"
The process msiexec.exe:3012 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "94 1A CE 24 5A BC 4D B3 EE D8 7B 1A 69 E0 28 A7"
[HKCR\Installer\Products\0B79C053C7D38EE4AB9A00CB3B5D2472\SourceList]
"LastUsedSource" = "n;1;%System%\"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}]
"DisplayName" = "WebFldrs XP"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:]
"Config.Msi" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress]
"(Default)" = "%WinDir%\Installer\14d16a.ipi"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0B79C053C7D38EE4AB9A00CB3B5D2472\InstallProperties]
"DisplayName" = "WebFldrs XP"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts\C:\Config.Msi]
"14d16b.rbs" = "1121746656"
[HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec" = "1"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Fonts" = "%WinDir%\Fonts"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0B79C053C7D38EE4AB9A00CB3B5D2472\Patches]
"AllPatches" = ""
The Trojan deletes the following registry key(s):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0B79C053C7D38EE4AB9A00CB3B5D2472\Patches]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts]
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0B79C053C7D38EE4AB9A00CB3B5D2472\Patches]
"AllPatches"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts\C:\Config.Msi]
"14d16b.rbs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:]
"Config.Msi"
The process pvcxkfs.exe:1616 makes changes in a system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit" = "%System%\userinit.exe,%Documents and Settings%\All Users\Application Data\DownloadSave\pvcxkfs.exe"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C2 9A 89 49 D0 F0 45 1A 4B 1A 44 5B F4 AD 5E DD"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
Network activity (URLs)
URL: hxxp://tf01.dlmix.glb0.lxdns.com/liebao/link/ksbinstaller_s_67_1003.exe Country: China
URL: www.aixoxo.com IP: 198.13.114.201
URL: tu.1000re.com IP: 116.255.139.172
URL: o.lijnl.com IP: 199.188.111.145
URL: 1372440060.aiqqtu.com IP: 183.136.204.67
URL: down.020pidai.com IP: 116.208.7.75
URL: it.safe7788.com IP: 59.188.73.7
URL: cnzz.mmstat.com IP: 42.121.149.44
URL: www.jlnle.com IP: 142.0.141.90
URL: s17.cnzz.com IP: 1.99.192.16
URL: www.baitaishenghuo.com IP: 222.186.50.160
URL: dlsw.baidu.com IP: 183.60.131.27
URL: jump.sanboke.com IP: 202.85.213.139
URL: pcookie.cnzz.com IP: 42.121.149.42
URL: jump.1000re.com IP: 116.255.139.172
URL: js.1000re.com IP: 116.255.139.172
URL: d.union.ijinshan.com IP: 121.14.231.35
URL: s1.admin6.com IP: 58.218.178.62
URL: img.kutata.com IP: 118.244.215.46
URL: down.yinyue.fm IP: 115.238.240.7
URL: dl.ta20.com IP: 58.218.39.216
URL: www.baidu.com IP: 220.181.111.148
URL: int.dpool.sina.com.cn IP: 123.125.29.250
URL: download.wuji.com IP: 115.238.246.130
URL: xz5.xxooss.com IP: 198.13.114.201
URL: i.safe7788.com IP: 59.188.73.7
URL: tj.wuji.com IP: 115.238.240.12
URL: ie.cn170.com IP: 222.187.222.227
URL: hzs17.cnzz.com IP: 42.156.140.23
URL: stat.kutata.com IP: 118.244.187.34
URL: js.users.51.la IP: 117.21.227.47
URL: server.gamelm.org IP: 128.134.244.31
Rootkit activity
No anomalies have been detected.
Propagation
Worm that spreads its copies in attachments included in emails.
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
setup_open_3207.exe:184
ping.exe:2712
ie4uinit.exe:2168
JikeSetup.exe:448
WujiPlayer.exe:1108
setup50.exe:2792
setup50.exe:2404
Jike.exe:1512
xz.exe:652
setup_2951-3011.exe:3100
shmgrate.exe:2576
shmgrate.exe:2880
shmgrate.exe:2852
shmgrate.exe:3208
schovt.exe:1568
rundll32.exe:2548
rundll32.exe:1628
rundll32.exe:3492
rundll32.exe:3372
rundll32.exe:3220
rundll32.exe:2696
unregmp2.exe:3736
mscorsvw.exe:1912
Baidusd_OnlineSetup_sid_30016.exe:1504
taskkill.exe:2316
uuu.exe:260
V24.exe:1360
regsvr32.exe:2596
regsvr32.exe:2896
client.exe:1408
564da31e078bcf76ee12aa77cc11777d.exe:920
QypdkquFqy.EXE:192
Cfomwcktv_NET.exe:4076
Rundll32.exe:2656
pvcxkfs.exe:1616 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Program Files%\Wuji\2013628\Data\err.jpg (784 bytes)
%Program Files%\Wuji\2013628\DuiLib.dll (16288 bytes)
%Program Files%\Wuji\2013628\Data\Err.html (1 bytes)
%Program Files%\Wuji\2013628\Data\Def.html (902 bytes)
%Documents and Settings%\All Users\Desktop\µçÓ°FM.lnk (1 bytes)
%Program Files%\Wuji\2013628\WJNews.exe (26688 bytes)
%Program Files%\Wuji\2013628\playlist.xml (63 bytes)
%Program Files%\Wuji\2013628\Data\User2.ini (57 bytes)
%Program Files%\Wuji\2013628\Data\EKanR.dat (7192 bytes)
%Program Files%\Wuji\2013628\server.ini (1 bytes)
%Documents and Settings%\All Users\Desktop\ÃŒÃâ€Ã‚±Â¦Â¹ÂºÃŽÃ¯.lnk (1 bytes)
%Program Files%\Wuji\2013628\Data\loading.gif (8 bytes)
%Program Files%\Wuji\2013628\INISet\OLDSet.Xml (1 bytes)
%Program Files%\Wuji\2013628\Unins.exe (5064 bytes)
%Program Files%\Wuji\2013628\Data\tab_more.png (4 bytes)
%Documents and Settings%\All Users\Desktop\ÎÞ¼«Ó°Òô.lnk (778 bytes)
%Program Files%\Wuji\2013628\PlayerUpdate.exe (5520 bytes)
%Program Files%\Wuji\2013628\WujiPlayer.exe (10136 bytes)
%Program Files%\Wuji\2013628\icon\dyfm.ico (784 bytes)
%Program Files%\Wuji\2013628\WJNewsUninstall.exe (1856 bytes)
%Program Files%\Wuji\2013628\INISet\DMSet.Xml (1 bytes)
%Program Files%\Wuji\2013628\icon\taobao.ico (15 bytes)
%Program Files%\Wuji\2013628\SysConfig.ini (377 bytes)
%Program Files%\Wuji\2013628\client.ini (1 bytes)
%Program Files%\Wuji\2013628\Data\def.jpg (1552 bytes)
%WinDir%\security\logs\scecomp.log (1366 bytes)
%WinDir%\Temp\RGI10.tmp (1680 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\desktop.ini (67 bytes)
%WinDir%\Temp\RGID.tmp (230 bytes)
%Documents and Settings%\%current user%\My Documents\My Music\Desktop.ini (556 bytes)
%Documents and Settings%\%current user%\My Documents\desktop.ini (136 bytes)
%Documents and Settings%\%current user%\My Documents\My Pictures\Desktop.ini (564 bytes)
%WinDir%\Temp\OLD9.tmp (767 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini (162 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk (1474 bytes)
%WinDir%\Temp\RGIF.tmp (230 bytes)
%WinDir%\Temp\RGIE.tmp (230 bytes)
%WinDir%\Temp\OLD8.tmp (869 bytes)
%WinDir%\Temp\RGIB.tmp (230 bytes)
%WinDir%\Temp\RGIA.tmp (1011 bytes)
%WinDir%\Temp\RGIC.tmp (230 bytes)
%Program Files%\Jike\Jike.exe (50 bytes)
%WinDir%\conime\Svchost.exe (19152 bytes)
%WinDir%\conime\bitstreams\ztex_ufm1_15b1.bit (72535 bytes)
%WinDir%\conime\bitstreams\COPYING_ztex (811 bytes)
%WinDir%\conime\NEWS.txt (7192 bytes)
%WinDir%\conime\libusb-1.0.dll (3616 bytes)
%WinDir%\conime\bitstreams\ztex_ufm1_15d4.bin (6 bytes)
%WinDir%\conime\api-example.php (2 bytes)
%WinDir%\conime\bitstreams\ztex_ufm1_15d1.bit (133421 bytes)
%WinDir%\conime\linux-usb-cgminer.txt (11 bytes)
%WinDir%\conime\AUTHORS.txt (438 bytes)
%WinDir%\conime\libeay32.dll (49631 bytes)
%WinDir%\conime\bitstreams\ztex_ufm1_15y1.bin (6 bytes)
%WinDir%\conime\poclbm130302.cl (1552 bytes)
%WinDir%\conime\GPU-README.txt (784 bytes)
%WinDir%\conime\svchostUpdate.zip (562396 bytes)
%WinDir%\conime\COPYING.txt (1552 bytes)
%WinDir%\conime\README.txt (784 bytes)
%WinDir%\Temp\con1A.tmp (58 bytes)
%WinDir%\conime\diablo130302.cl (1552 bytes)
%WinDir%\conime\bitstreams\COPYING_fpgaminer (983 bytes)
%WinDir%\conime\bitstreams\ztex_ufm1_15d3.bit (133421 bytes)
%WinDir%\conime\scrypt130511.cl (784 bytes)
%WinDir%\conime\bitstreams\ztex_ufm1_15y1.bit (133421 bytes)
%WinDir%\Temp\con6.tmp (2 bytes)
%WinDir%\conime\api-example.c (7 bytes)
%WinDir%\conime\cgminer-nogpu.exe (16288 bytes)
%WinDir%\conime\API.java (3 bytes)
%WinDir%\conime\API.class (3 bytes)
%WinDir%\conime\ASIC-README.txt (4 bytes)
%WinDir%\conime\bitstreams\ztex_ufm1_15d4.bit (133421 bytes)
%WinDir%\conime\windows-build.txt (15 bytes)
%WinDir%\conime\ssleay32.dll (12536 bytes)
%WinDir%\conime\ChangeLog.txt (166 bytes)
%WinDir%\conime\zlib1.dll (3312 bytes)
%WinDir%\conime\bitstreams\fpgaminer_top_fixed7_197MHz.ncd (114009 bytes)
%WinDir%\conime\FPGA-README.txt (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CA5GM5X7.htm (58 bytes)
%WinDir%\conime\phatk121016.cl (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\cg[1].zip (894905 bytes)
%WinDir%\conime\diakgcn121016.cl (784 bytes)
%WinDir%\conime\libidn-11.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CAT48RPT.htm (2 bytes)
%WinDir%\conime\librtmp.dll (6584 bytes)
%WinDir%\conime\libssh2.dll (6360 bytes)
%WinDir%\conime\miner.php (1856 bytes)
%WinDir%\conime\example.conf (763 bytes)
%WinDir%\conime\SCRYPT-README.txt (9 bytes)
%WinDir%\conime\libcurl.dll (20624 bytes)
%WinDir%\conime\API-README.txt (1856 bytes)
%System%\Baidusd_OnlineSetup_sid_30016.exe (7972 bytes)
%WinDir%\OEWABLog.txt (172 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Accessories\desktop.ini (82 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Accessories\Address Book.lnk (1548 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Æô¶¯ Internet Explorer ä¯ÀÀÆ÷.lnk (783 bytes)
%Documents and Settings%\%current user%\Desktop\Internet Explorer.lnk (845 bytes)
%WinDir%\Temp\Install-NO£º1.exe (31322 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\xz1[1].exe (49396 bytes)
%System%\setup_2951-3011.exe (23407 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\desktop.ini (40 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Internet Explorer.lnk (767 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Outlook Express.lnk (738 bytes)
%WinDir%\o.ini (45 bytes)
%System%\dllone.txt (98 bytes)
\Device\Harddisk0\DR0 (4559 bytes)
%Documents and Settings%\%current user%\Favorites\Links\WINDOWS MARKETPLACE.URL (218 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Windows Media Player.lnk (792 bytes)
%WinDir%\wmsetup.log (576 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk (804 bytes)
%System%\wmpns.dll (1281 bytes)
%WinDir%\Temp\nsw18.tmp (88728 bytes)
%WinDir%\Temp\nsc19.tmp\BDMDownload.dll (3312 bytes)
%WinDir%\Temp\nsc19.tmp\BDMSkin.dll (33877 bytes)
%WinDir%\Temp\nsc19.tmp\config.ini (95 bytes)
%WinDir%\Temp\nsc19.tmp\setupinfo.txt.bdtmp (864 bytes)
%WinDir%\Temp\nsc19.tmp\KVNetInstallHelpler.dll (13584 bytes)
%WinDir%\Temp\nsc19.tmp\dl.dll (62035 bytes)
%WinDir%\Temp\nsc19.tmp\res\onlineWnd.zip (6584 bytes)
%Documents and Settings%\All Users\Application Data\DownloadSave\RCX1.tmp (106862 bytes)
%Documents and Settings%\All Users\Application Data\DownloadSave\RecordPath (260 bytes)
%Documents and Settings%\All Users\Application Data\DownloadSave\pvcxkfs.exe (62 bytes)
%WinDir%\Temp\PPTV.exe (1688 bytes)
%WinDir%\MyConfig.ini (223 bytes)
%WinDir%\Temp\baidu.exe (233 bytes)
%WinDir%\Temp\yinyue.exe (235 bytes)
%WinDir%\Temp\mumu.exe (261 bytes)
%WinDir%\Temp\Cfomwcktv_NET.exe (145 bytes)
%WinDir%\Temp\xiaohua100.exe (263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\imgcopy[1].png (2142 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\close[1].gif (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\yp[1].js (145 bytes)
%Documents and Settings%\%current user%\Cookies\system@mmstat[1].txt (168 bytes)
%Documents and Settings%\%current user%\Cookies\system@www.aixoxo[1].txt (481 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\cnzz_core[1].php (408 bytes)
%Documents and Settings%\%current user%\Cookies\system@jump.1000re[2].txt (967 bytes)
%System%\xz.exe (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\shouyu[1].gif (69764 bytes)
%Documents and Settings%\%current user%\Cookies\system@cnzz[1].txt (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\stat[1].php (6068 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (10216 bytes)
%Documents and Settings%\%current user%\Cookies\system@jump.1000re[1].txt (1470 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aixoxo[1].htm (2025 bytes)
%Documents and Settings%\%current user%\Cookies\system@page[1].txt (141 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\page[1].htm (145 bytes)
%Documents and Settings%\%current user%\Cookies\system@cnzz.mmstat[1].txt (202 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\a4[1].htm (315 bytes)
%WinDir%\Temp\nsa13.tmp\Installation_bg.bmp (20360 bytes)
%WinDir%\Temp\nsa13.tmp\aaa1.txt (958 bytes)
%WinDir%\Temp\nsa13.tmp\Installation_button.bmp (2784 bytes)
%WinDir%\Temp\nsa13.tmp\Installation_button2.bmp (3624 bytes)
%WinDir%\Temp\nsa13.tmp\registry.dll (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\gethtm3[1].htm (958 bytes)
%WinDir%\Temp\nsa13.tmp\InetLoad.dll (24 bytes)
%WinDir%\Temp\nsa13.tmp\WndProc.dll (3 bytes)
%WinDir%\Temp\nsa13.tmp\System.dll (11 bytes)
%WinDir%\Temp\nsa13.tmp\Installation_off4.bmp (1 bytes)
%WinDir%\Temp\nsa13.tmp\ok_button.bmp (3624 bytes)
%WinDir%\Temp\nsa13.tmp\Installation_bg4.bmp (15493 bytes)
%WinDir%\Temp\nsa13.tmp\checkbox2.bmp (3 bytes)
%WinDir%\Temp\nsa13.tmp\nsDialogs.dll (9 bytes)
%WinDir%\Temp\nsa13.tmp\checkbox1.bmp (3 bytes)
%WinDir%\Temp\nsa13.tmp\Installation_ok.bmp (11480 bytes)
%WinDir%\Temp\nsa13.tmp\files.bmp (3 bytes)
%WinDir%\Temp\nsa13.tmp\BgWorker.dll (2 bytes)
%WinDir%\Temp\nsa13.tmp\Installation_off5.bmp (1 bytes)
%WinDir%\Temp\nsa13.tmp\SkinBtn.dll (4 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Desktop.htt (1397 bytes)
%Documents and Settings%\%current user%\Recent\Desktop.ini (252 bytes)
%Documents and Settings%\%current user%\Favorites\Desktop.ini (181 bytes)
%WinDir%\conime\conime.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\History\desktop.ini (159 bytes)
%System%\lf_tgy.exe (12288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\uuu[1].exe (13570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\54c.ini (702 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\bindplugin[1].ini (702 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\54c\ksbinstaller_s_67_1003.exe (128588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\setup_open_3207[1].exe (449113 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\54c\uuu.exe (7772 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\54c\setup_open_3207.exe (232291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\54c\JikeSetup.exe (18340 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\JikeSetup[1].exe (34546 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ksbinstaller_s_67_1003[1].exe (248739 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\4.tmp (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\3.tmp (1359 bytes)
%WinDir%\Fonts\com43.ttf (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\man2.bat (255 bytes)
%System%\services.exe.rzxcp (601 bytes)
%System%\dllcache\services.exe (1137 bytes)
C:\NT_path.jpg (62 bytes)
C:\1562500.dll (107 bytes)
%System%\config\default (21324 bytes)
%System%\config\SYSTEM.LOG (4681 bytes)
%System%\config\SOFTWARE.LOG (25787 bytes)
%System%\config\software (23417 bytes)
%System%\config\DEFAULT.LOG (25312 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT.LOG (7080 bytes)
%WinDir%\Installer\14d16a.ipi (200 bytes)
%System%\config\system (2031 bytes)
%WinDir%\Installer\MSI14.tmp (657 bytes)
C:\Config.Msi\14d16b.rbs (10670 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\list2[1].txt (68 bytes)
%Documents and Settings%\All Users\Application Data\DownloadSave\NjqffhnBtu.EXE (23156 bytes)
%Documents and Settings%\All Users\Application Data\DownloadSave\QypdkquFqy.EXE (6696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\9902[1].exe (6588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\cn[1].exe (22900 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WJNews_2013628" = "%Program Files%\Wuji\2013628\WJNews.exe -mini"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WujiPlayer_2013628" = "%Program Files%\Wuji\2013628\WujiPlayer.exe -mini"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sfchk" = "%Program Files%\Jike\Jike.exe"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"conime" = "c:\windows\conime\conime.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ktt30404" = "%Documents and Settings%\All Users\Application Data\DownloadSave\NjqffhnBtu.EXE" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.