Spyware.WinKeyG

Updated: 13 February 2007
Version: 3.1.0.214
Publisher: VsiSystems
Risk Impact: High
File Names: winkeyg.exe (WinZip self-extractor), winkeyg.exe (the actual running executable)
Systems Affected: Windows

Behavior


Spyware.WinKeyG is a keylogging spyware program that monitors all the keystrokes on a system.

Symptoms


One or more files are detected as Spyware.WinKeyG.

Behavior


Spyware.WinKeyG must be manually installed.

Antivirus Protection Dates

  • Initial Rapid Release version 02 October 2014 revision 022
  • Latest Rapid Release version 02 October 2014 revision 022
  • Initial Daily Certified version 17 July 2004
  • Latest Daily Certified version 28 September 2010 revision 036
  • Initial Weekly Certified release date 21 July 2004

Spyware.WinKeyG has the following features:
    • A user can use <Alt+Up Arrow> or <Alt+Down Arrow> to retrieve previously typed text. Then use <Ctrl+V> to paste the text.
    • When Auto Type is enabled, it recognizes words that have been typed before and auto-completes them when the TAB key is pressed.
    • Saves all the typed text to a file.
    • Saves the Auto Type words to a text file.

When Spyware.WinKeyG is run, it does the following:
  1. Creates the following registry keys:
    HKEY_CLASSES_ROOT\CLSID\{6E29B981-9C50-11D1-B784-00001C1AD1F8}\InprocServer32\ThreadingModel"="Apartment"
    HKEY_CLASSES_ROOT\dwshk36.KeyList.1\"(Default)"="KeyList PropertyPage"  
    HKEY_CLASSES_ROOT\dwshk36.KeyList.1\CLSID\"(Default)"="{6E29B982-9C50-11D1-B784-00001C1AD1F8}"
    HKEY_CLASSES_ROOT\dwshk36.KeyList\"(Default)"="KeyList PropertyPage"  
    HKEY_CLASSES_ROOT\dwshk36.KeyList\CurVer\"(Default)"="dwshk36.KeyList.1"
    HKEY_CLASSES_ROOT\CLSID\{6E29B982-9C50-11D1-B784-00001C1AD1F8}\"(Default)"="KeyList PropertyPage"  
    HKEY_CLASSES_ROOT\CLSID\{6E29B982-9C50-11D1-B784-00001C1AD1F8}\InprocServer32\"(Default)"="C:\WINNT\system32\DWSHK36.OCX"
    HKEY_CLASSES_ROOT\CLSID\{6E29B982-9C50-11D1-B784-00001C1AD1F8}\InprocServer32\ThreadingModel"="Apartment"
    HKEY_CLASSES_ROOT\TypeLib\{389B19AA-9A87-11D1-B77F-00001C1AD1F8}\6.0\"(Default)"="Desaware SpyWorks 6 Hook Control"  
    HKEY_CLASSES_ROOT\TypeLib\{389B19AA-9A87-11D1-B77F-00001C1AD1F8}\6.0\FLAGS\"(Default)"="2"
    HKEY_CLASSES_ROOT\TypeLib\{389B19AA-9A87-11D1-B77F-00001C1AD1F8}\6.0\0\win32\"(Default)"="C:\WINNT\system32\DWSHK36.OCX"
    HKEY_CLASSES_ROOT\TypeLib\{389B19AA-9A87-11D1-B77F-00001C1AD1F8}\6.0\HELPDIR\"(Default)"="C:\WINNT\system32\"
    HKEY_CLASSES_ROOT\Interface\{389B19B7-9A87-11D1-B77F-00001C1AD1F8}\"(Default)"="Idwshk35"  
    HKEY_CLASSES_ROOT\Interface\{389B19B7-9A87-11D1-B77F-00001C1AD1F8}\ProxyStubClsid\"(Default)"="{00020424-0000-0000-C000-000000000046}"
    HKEY_CLASSES_ROOT\Interface\{389B19B7-9A87-11D1-B77F-00001C1AD1F8}\ProxyStubClsid32\"(Default)"="{00020424-0000-0000-C000-000000000046}"
    HKEY_CLASSES_ROOT\Interface\{389B19B7-9A87-11D1-B77F-00001C1AD1F8}\TypeLib\"(Default)"="{389B19AA-9A87-11D1-B77F-00001C1AD1F8}"
    HKEY_CLASSES_ROOT\Interface\{389B19B7-9A87-11D1-B77F-00001C1AD1F8}\TypeLib\Version"="6.0"
    HKEY_CLASSES_ROOT\Interface\{A834857C-9A90-11D1-B77F-00001C1AD1F8}\"(Default)"="_DDwshkEvents"
    HKEY_CLASSES_ROOT\Interface\{A834857C-9A90-11D1-B77F-00001C1AD1F8}\ProxyStubClsid\"(Default)"="{00020420-0000-0000-C000-000000000046}"
    HKEY_CLASSES_ROOT\Interface\{A834857C-9A90-11D1-B77F-00001C1AD1F8}\ProxyStubClsid32\"(Default)"="{00020420-0000-0000-C000-000000000046}"
    HKEY_CLASSES_ROOT\Interface\{A834857C-9A90-11D1-B77F-00001C1AD1F8}\TypeLib\"(Default)"="{389B19AA-9A87-11D1-B77F-00001C1AD1F8}"
    HKEY_CLASSES_ROOT\Interface\{A834857C-9A90-11D1-B77F-00001C1AD1F8}\TypeLib\"Version"="6.0"
    HKEY_CLASSES_ROOT\Licenses\"(Default)"="Licensing: Copying the keys may be a violation of established copyrights."
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WinKeyG.exe\"(Default)"="C:\Program Files\Win Key Genie\WinKeyG.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST6UNST #1\"ApplicationName"="WinKeyG.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST6UNST #1\"DisplayName"="Win Key Genie - VsiSystems.com"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST6UNST #1\"UninstallString"="C:\WINNT\st6unst.exe -n "C:\Program Files\Win Key Genie\ST6UNST.LOG""
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST6UNST #1\"AppToUninstall"="WinKeyG.exe"


  2. Creates the following files:
    %ProgramFiles%\Win Key Genie\WinKeyG.exe
    %SystemDrive%\Documents and Settings\Administrator\start menu\programs\win key genie\win key genie 3.1.lnk
    %ProgramFiles%\Win Key Genie\st6unst.log


Notes:
  • %ProgramFiles% is a variable that refers to the path to the program files folder. By default, this is C:\Program Files.
  • %SystemDrive% is a variable that refers to the drive on which the Windows installation resides. By default, this is drive C:\.





Note: Removing this spyware component from the system will likely cause the program that installed it to not function as intended. The uninstaller generally identifies the programs that will not work after uninstallation.
  1. Update the virus definitions.
  2. Uninstall Win Key Genie using the Add/Remove Programs utility.
  3. Run a full system scan and delete all the files detected as Spyware.WinKeyG.
  4. Delete the keys that were added to the registry.

For specific details on each of these steps, read the following instructions.
  1. To update virus definitions
    Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:
    • Running LiveUpdate, which is the easiest way to obtain virus definitions: These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate).
    • Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted on U.S. business days (Monday through Friday). You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater).

      The Intelligent Updater virus definitions are available: Read "How to update virus definition files using the Intelligent Updater" for detailed instructions.

  2. To uninstall Spyware.WinKeyG
    Do one of the following:
    • On the Windows 98 taskbar:
      • Click Start > Settings > Control Panel.
      • In the Control Panel window, double-click Add/Remove Programs.

    • On the Windows Me taskbar:
      • Click Start > Settings > Control Panel.
      • In the Control Panel window, double-click Add/Remove Programs.
        If you do not see the Add/Remove Programs icon, click "...view all Control Panel options."

    • On the Windows 2000 taskbar:
      By default, Windows 2000 is set up the same as Windows 98. In that case, follow the instructions for Windows 98. Otherwise, click Start, point to Settings > Control Panel, and then click Add/Remove Programs.

    • On the Windows XP taskbar:
      • Click Start > Control Panel.
      • In the Control Panel window, double-click Add or Remove Programs.


    1. Click Win Key Genie - VsiSystems.com.

      Note:
      You may need to use the scroll bar to view the whole list.

    2. Click Add/Remove, Change/Remove, or Remove (this varies with the operating system). Follow the prompts.

  3. To scan for and delete infected files
    1. Start Norton AntiVirus and make sure that it is configured to scan all the files. For more information, read the document, "How to configure Norton AntiVirus to scan all files."
    2. Run a full system scan.
    3. If any files are detected as infected with Spyware.WinKeyG, click Delete.

      Note:
      If you ran the Add/Remove programs applet as described in the previous section, it is possible that all the files were removed, and therefore, none of the files will be detected.

  4. To delete the registry keys

    Important:
    Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.

    Note:
    This is done to make sure that all the keys are removed. They may not be there if the uninstaller removed them.
    1. Click Start > Run.
    2. In the Open box, type: regedit
    3. Click OK.
    4. Navigate to and delete the keys that were added.
    5. Exit the Registry Editor.
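
A read-only check for what the uninstaller may have left behind, to run before and after step 4. This is an added example, not part of the original write-up or any Symantec tool; the function name Get-WinKeyGResidue is hypothetical, and the 64-bit locations and the varying ST6UNST number are assumptions, since the write-up only covers 32-bit Windows.

```powershell
# Audit only: reports leftovers of Win Key Genie and deletes nothing.
function Get-WinKeyGResidue {
    # Assumption: on 64-bit Windows a 32-bit installer is redirected to
    # "Program Files (x86)" and WOW6432Node, so both locations are checked.
    $programDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } | Select-Object -Unique
    $softwareRoots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'
    $displayName = 'Win Key Genie - VsiSystems.com'

    # Files from "Creates the following files".
    $files = foreach ($dir in $programDirs) {
        Join-Path $dir 'Win Key Genie\WinKeyG.exe'
        Join-Path $dir 'Win Key Genie\st6unst.log'
    }
    $files = @($files) + (Join-Path $env:SystemDrive ('Documents and Settings\Administrator\' +
        'start menu\programs\win key genie\win key genie 3.1.lnk'))
    foreach ($file in $files) {
        if (Test-Path -LiteralPath $file) {
            [pscustomobject]@{ Type = 'File'; Item = $file; Note = 'created by the installer' }
        }
    }

    foreach ($root in $softwareRoots) {
        $cv = "$root\Microsoft\Windows\CurrentVersion"

        $appPath = "$cv\App Paths\WinKeyG.exe"
        if (Test-Path -LiteralPath $appPath) {
            [pscustomobject]@{ Type = 'Key'; Item = $appPath; Note = 'App Paths entry' }
        }

        # Match on the values, not on the key name "ST6UNST #1": the name comes from
        # the uninstaller, and its number may differ on another machine (assumption).
        Get-ItemProperty -Path "$cv\Uninstall\*" -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -eq $displayName -or $_.ApplicationName -eq 'WinKeyG.exe' } |
            ForEach-Object {
                [pscustomobject]@{ Type = 'Key'; Item = ($_.PSPath -replace '^.*?::', ''); Note = 'uninstall entry' }
            }
    }
}

Get-WinKeyGResidue | Format-Table -AutoSize -Wrap
```

An empty result means none of the product-specific files or keys remain. The shared-DLL counters and COM registrations in the key list are not checked here and should be compared against the list by hand.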