by dk2rb » November 7th, 2008, 8:28 am
Windows Registry Editor Version 5.00
; NOTE(review): this is a search report written in .reg syntax, not a cleanup
; script. Merging it with regedit would write every value listed below back
; into the registry, including the $sys$-prefixed co-installer, filter and
; service entries. Treat it as read-only evidence.
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0
; Results at 11/7/2008 7:21:36 AM for strings:
; '$sys$'
; 'ecddiskproducer'
; 'sonybmg'
; 'crater'
; 'aries'
; 'qwap'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
; NOTE(review): the terms are matched as plain substrings. Most of the CLSID,
; TypeLib, Installer and SideBySide hits in this report only contain 'aries'
; inside ordinary words ("Binaries", "Dictionaries", "Libraries",
; "Auxiliaries", "boundaries") and are unrelated to the $sys$ / SONYBMG hits.
; The search term is 'ecddiskproducer', but the key actually present is
; ECDDiscProducers, which was found through its "SONYBMG" value instead.
; First hit on '$sys$': a key listed with no values.
[HKEY_LOCAL_MACHINE\SOFTWARE\$sys$reference]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06290BD5-48AA-11D2-8432-006008C3FBFC}]
@="Object for constructing type libraries for scriptlets"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E083978-829F-11D3-AB5D-00C04F9407B9}]
@="MSOLAPAuxiliaries Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E083978-829F-11D3-AB5D-00C04F9407B9}\ProgID]
@="MSOlapAdmin2.MSOLAPAuxiliaries.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E083978-829F-11D3-AB5D-00C04F9407B9}\VersionIndependentProgID]
@="MSOlapAdmin2.MSOLAPAuxiliaries"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{273380E8-1438-4B2C-95B0-713284FBC302}\InprocServer32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\msinfo.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{273380E8-1438-4B2C-95B0-713284FBC302}\ToolboxBitmap32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\msinfo.dll, 102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CE546FF-9128-465E-B5C5-5A36CFC2C285}\InprocServer32]
@="F:\\Program Files\\Common Files\\MSSoap\\Binaries\\mssoap1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ECB650F-4630-41D3-AC9A-C8F926FC5907}\InprocServer32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\msinfo.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6205B8C9-75FF-4623-A50A-88E1F14EAFF2}\InprocServer32]
@="F:\\Program Files\\Common Files\\MSSoap\\Binaries\\mssoap1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86D54F3D-652D-4ab3-A1A6-14D403F6C813}\InProcServer32]
@="F:\\Program Files\\Common Files\\MSSoap\\Binaries\\mssoap1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C5754F7-ADF5-4D82-B181-0F8FC5EA882B}\InProcServer32]
@="F:\\Program Files\\Common Files\\MSSoap\\Binaries\\mssoap1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0F93E27-F05D-4153-A151-F3720369A4C7}\InprocServer32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\msinfo.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ACA26BD2-7C61-11cf-B21A-00AA00A215ED}]
@="User-specified dictionaries"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADE424F3-AA10-471D-8A0A-687534555900}\InProcServer32]
@="F:\\Program Files\\Common Files\\MSSoap\\Binaries\\mssoap1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB023FC5-AA10-47CE-8A0A-6875C17B5914}\InProcServer32]
@="F:\\Program Files\\Common Files\\MSSoap\\Binaries\\mssoap1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E16C0594-128F-11D1-97E4-00C04FB9618A}]
@="ARIES Log Recovery Engine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBB2FF12-861A-42b6-B815-B1AF4D944916}\InProcServer32]
@="F:\\Program Files\\Common Files\\MSSoap\\Binaries\\mssoap1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F25BC7B7-C60D-4FB9-AAE4-3CA0F6C7038A}\InprocServer32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\brpinfo.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC7D9E02-3F9E-11d3-93C0-00C04F72DAF7}\InprocServer32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC7D9E02-3F9E-11d3-93C0-00C04F72DAF7}\InstalledVersion]
"F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"="5,1,2600,1106"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC7D9E06-3F9E-11d3-93C0-00C04F72DAF7}\InprocServer32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC7D9E08-3F9E-11d3-93C0-00C04F72DAF7}\InprocServer32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC7D9E09-3F9E-11d3-93C0-00C04F72DAF7}\InprocServer32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDE424F3-AA10-471D-8A0A-6875C17B5914}\InProcServer32]
@="F:\\Program Files\\Common Files\\MSSoap\\Binaries\\mssoap1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HCP]
"FriendlyTypeName"="@F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HCAppRes.dll,-2100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HCP\shell\open\command]
; Contents of value:
; %SystemRoot%\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe -FromHCP -url "%1"
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,50,00,43,00,48,00,45,00,41,00,4c,00,54,00,48,00,5c,00,48,00,45,00,\
4c,00,50,00,43,00,54,00,52,00,5c,00,42,00,69,00,6e,00,61,00,72,00,69,00,65,\
00,73,00,5c,00,48,00,65,00,6c,00,70,00,43,00,74,00,72,00,2e,00,65,00,78,00,\
65,00,20,00,2d,00,46,00,72,00,6f,00,6d,00,48,00,43,00,50,00,20,00,2d,00,75,\
00,72,00,6c,00,20,00,22,00,25,00,31,00,22,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{000209AC-0000-0000-C000-000000000046}]
@="Dictionaries"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{000209E0-0000-0000-C000-000000000046}]
@="HangulHanjaConversionDictionaries"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{349C6ABD-A30C-11D1-ABE5-00C04FC30999}]
@="IMSOLAPAuxiliaries"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F0955950-C777-4370-8837-B0F8D8189FB9}]
@="IHMESharedLibrariesEventHandler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSInfo.Document]
"FriendlyTypeName"="@F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\msinfo.dll,-391"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSOlapAdmin2.MSOLAPAuxiliaries]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSOlapAdmin2.MSOLAPAuxiliaries]
@="MSOLAPAuxiliaries Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSOlapAdmin2.MSOLAPAuxiliaries\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSOlapAdmin2.MSOLAPAuxiliaries.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSOlapAdmin2.MSOLAPAuxiliaries.1]
@="MSOLAPAuxiliaries Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSOlapAdmin2.MSOLAPAuxiliaries.1\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsRcIncident\DefaultIcon]
; Contents of value:
; %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,50,00,43,00,48,00,65,00,61,00,6c,00,74,00,68,00,5c,00,48,00,65,00,\
6c,00,70,00,43,00,74,00,72,00,5c,00,42,00,69,00,6e,00,61,00,72,00,69,00,65,\
00,73,00,5c,00,48,00,65,00,6c,00,70,00,43,00,74,00,72,00,2e,00,65,00,78,00,\
65,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsRcIncident\shell\open\command]
; Contents of value:
; %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe -Mode "hcp://system/Remote%%20Assistance/RAClientLayout.xml" -url "hcp://system/Remote%%20Assistance/Interaction/Client/rctoolScreen1.htm" -ExtraArgument "IncidentFile=%1"
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,50,00,43,00,48,00,65,00,61,00,6c,00,74,00,68,00,5c,00,48,00,65,00,\
6c,00,70,00,43,00,74,00,72,00,5c,00,42,00,69,00,6e,00,61,00,72,00,69,00,65,\
00,73,00,5c,00,48,00,65,00,6c,00,70,00,43,00,74,00,72,00,2e,00,65,00,78,00,\
65,00,20,00,2d,00,4d,00,6f,00,64,00,65,00,20,00,22,00,68,00,63,00,70,00,3a,\
00,2f,00,2f,00,73,00,79,00,73,00,74,00,65,00,6d,00,2f,00,52,00,65,00,6d,00,\
6f,00,74,00,65,00,25,00,25,00,32,00,30,00,41,00,73,00,73,00,69,00,73,00,74,\
00,61,00,6e,00,63,00,65,00,2f,00,52,00,41,00,43,00,6c,00,69,00,65,00,6e,00,\
74,00,4c,00,61,00,79,00,6f,00,75,00,74,00,2e,00,78,00,6d,00,6c,00,22,00,20,\
00,2d,00,75,00,72,00,6c,00,20,00,22,00,68,00,63,00,70,00,3a,00,2f,00,2f,00,\
73,00,79,00,73,00,74,00,65,00,6d,00,2f,00,52,00,65,00,6d,00,6f,00,74,00,65,\
00,25,00,25,00,32,00,30,00,41,00,73,00,73,00,69,00,73,00,74,00,61,00,6e,00,\
63,00,65,00,2f,00,49,00,6e,00,74,00,65,00,72,00,61,00,63,00,74,00,69,00,6f,\
00,6e,00,2f,00,43,00,6c,00,69,00,65,00,6e,00,74,00,2f,00,72,00,63,00,74,00,\
6f,00,6f,00,6c,00,53,00,63,00,72,00,65,00,65,00,6e,00,31,00,2e,00,68,00,74,\
00,6d,00,22,00,20,00,2d,00,45,00,78,00,74,00,72,00,61,00,41,00,72,00,67,00,\
75,00,6d,00,65,00,6e,00,74,00,20,00,22,00,49,00,6e,00,63,00,69,00,64,00,65,\
00,6e,00,74,00,46,00,69,00,6c,00,65,00,3d,00,25,00,31,00,22,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Scriptlet.TypeLib]
@="Object for constructing type libraries for scriptlets"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7AC18319-0739-4377-8984-848573D519A5}\1.0\0\win32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\msinfo.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7AC18319-0739-4377-8984-848573D519A5}\1.0\HELPDIR]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{833E4000-AFF7-4AC3-AAC2-9F24C1457BCE}\1.0\0\win32]
@="F:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpSvc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{833E4000-AFF7-4AC3-AAC2-9F24C1457BCE}\1.0\HELPDIR]
@="F:\\WINDOWS\\pchealth\\helpctr\\binaries\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C65657D9-5C4B-421E-8DA6-AD4D590FE854}\1.0\0\win32]
@="F:\\Program Files\\Common Files\\MSSoap\\Binaries\\mssoap1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C65657D9-5C4B-421E-8DA6-AD4D590FE854}\1.0\HELPDIR]
@="F:\\Program Files\\Common Files\\MSSoap\\Binaries"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CA9F6CB1-47F1-4874-90CB-C674E9A86495}\1.0\0\win32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\brpinfo.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CA9F6CB1-47F1-4874-90CB-C674E9A86495}\1.0\HELPDIR]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC7D9000-3F9E-11D3-93C0-00C04F72DAF7}\1.0\0\win32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe\\2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC7D9000-3F9E-11D3-93C0-00C04F72DAF7}\1.0\HELPDIR]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC7D9E00-3F9E-11D3-93C0-00C04F72DAF7}\1.0\0\win32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe\\1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC7D9E00-3F9E-11D3-93C0-00C04F72DAF7}\1.0\HELPDIR]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe\\"
; SOFTWARE-hive hits for the 'sonybmg', '$sys$' and 'crater' terms.
; The two WBEM\WDM value names embed the on-disk path of a driver,
; F:\WINDOWS\System32\$sys$filesystem\crater.sys, which is the same path the
; $sys$crater service's ImagePath decodes to elsewhere in this report. That
; gives a file location to check (existence, hash, signature) during triage.
[HKEY_LOCAL_MACHINE\SOFTWARE\ECDDiscProducers]
"SONYBMG"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM]
"F:\\WINDOWS\\System32\\$sys$filesystem\\crater.sys[MofResource]"="LowDateTime:1894726272,HighDateTime:29720668***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE]
"F:\\WINDOWS\\System32\\$sys$filesystem\\crater.sys[MofResource]"="LowDateTime:1894726272,HighDateTime:29720668***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HELPCTR.EXE]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSCONFIG.EXE]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"F:\\Program Files\\Sibelius Software\\Sibelius 5 Demo\\Syllabification Dictionaries\\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B67353C23B9C6345AA46FDFADD82F69]
"9040AC1900063D11C8EF10054038389C"="01:\\Software\\Microsoft\\Shared Tools\\Proofing Tools\\Custom Dictionaries\\1"
"00000000000000000000000000000000"="01:\\Software\\Microsoft\\Shared Tools\\Proofing Tools\\Custom Dictionaries\\1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F65865963B6B0EB4ABB0F894B53E0233\Features]
"AppleSoftwareUpdate"="15?%n%iWs=,E&5u5w[eR=}uyqC2$5AJw']^Z]fR_TQ?B20utg(.L?N3&lrLW]=9fmturW?Yf}fKb.'_apI4!8fTO=9.}t`bY^%E=)BK]]^473=Q9V*LEukGnH&5W=46ub8Zx?`,lU@f.,f.JsZxcz9MXl[W2{@fg(B$oDHjUw=_Bj-mv0d7H~MyTSbPYc9gDnYoI${fi1WB`2ZiNH@squ`^VhDU1.~gK0J00a=H5*A=Ei%O24K8K*z{.^82R73@h[wqTX3!]pC(zr?HB~'+5oul=+!{dQPR(==Ut9B*g69%Z7k4IQJER$=e5e.v3X7{A9Yw5AETNa8I`3`!G.{~Gv8hB1@%~@?44U=?zEaDk@WU,&To44@kA2CE6W(zfz,%%^kIIH9)=J&?VPPtyC.A&2.8!i?+i(&r]SosQzDIoyO-ox=)y['Eq7PU-i4,('PwW[8%D]2CT%C`&&['Q&&mBI9Xh[cZ}7HEtQcEE-K!V=@QwAP1)7klbxqWU(343)A(Z^dWs{kpUZ^EB`cihm=tX!&u5+K+DLH(*N{hM$?])V)S6f9ASCq4+v9Bq39^kX?9]5`bv(B7!WQyrp?.%2p`5u5xQ&'QGlP@W~?cE_ei}*^C6Ep)J$1e,g@SM8FjQX*jVI+!S3nGf?9A?A'Zx}s)5A6z,O]B&X@iCqA70dq'dnFWopYNN1=[_'-%Vjl(yp3a,f(EM2=Cxxrz6k[7v=hxHL^&0t9u?0GKJ-cmHmi5d6!(I!97st-j.YW9^"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1275210071-1450960922-725345543-1005\Components\59091B066108EC9449E724912973C285]
"9FE4C76AD52738C46AA7BBB7D79EC64F"="F:\\Program Files\\Sibelius Software\\Sibelius 5 Demo\\Syllabification Dictionaries\\Latin.ssd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7]
"Identity"="Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries,processorArchitecture=\"x86\",publicKeyToken=\"6595b64144ccf1df\",type=\"win32\",version=\"6.0.0.0\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\Codebases]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\Codebases\OS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\Files]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\Files\0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\Files\1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\Files\2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\Files\3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\References]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a]
"Identity"="Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries,processorArchitecture=\"x86\",publicKeyToken=\"6595b64144ccf1df\",type=\"win32\",version=\"6.0.9792.0\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\Codebases]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\Codebases\U_Service Pack 3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\Files]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\Files\0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\Files\1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\Files\2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\Files\3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\References]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_d7ea3c6f]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_d7ea3c6f]
"Identity"="policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries,processorArchitecture=\"x86\",publicKeyToken=\"6595b64144ccf1df\",type=\"win32-policy\",version=\"6.0.9792.0\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_d7ea3c6f\Codebases]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_d7ea3c6f\Codebases\U_Service Pack 3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_d7ea3c6f\Files]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_d7ea3c6f\References]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Event Viewer]
; Contents of value:
; %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe
"MicrosoftRedirectionProgram"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,\
52,00,6f,00,6f,00,74,00,25,00,5c,00,50,00,43,00,48,00,65,00,61,00,6c,00,74,\
00,68,00,5c,00,48,00,65,00,6c,00,70,00,43,00,74,00,72,00,5c,00,42,00,69,00,\
6e,00,61,00,72,00,69,00,65,00,73,00,5c,00,48,00,65,00,6c,00,70,00,43,00,74,\
00,72,00,2e,00,65,00,78,00,65,00,00,00
; Vendor key, listed with no values.
[HKEY_LOCAL_MACHINE\SOFTWARE\SONYBMG]
; CoDeviceInstallers maps a device setup class GUID to the co-installer DLLs
; that Windows calls when a device of that class is installed.
; {4D36E965-E325-11CE-BFC1-08002BE10318} is the CD-ROM setup class; its
; REG_MULTI_SZ has $sys$caj.dll,CoInstallCdrom appended after two SysSetup.Dll
; entries.
; NOTE(review): the SysSetup.Dll entries look like stock Windows entries -
; confirm against a clean system of the same version. When remediating, edit
; the multi-string so that only the $sys$caj.dll entry is dropped; deleting the
; whole value would also remove the SysSetup.Dll co-installers.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CoDeviceInstallers]
; Contents of value:
; SysSetup.Dll,StorageCoInstaller
; SysSetup.Dll,CriticalDeviceCoInstaller
; $sys$caj.dll,CoInstallCdrom
;
"{4D36E965-E325-11CE-BFC1-08002BE10318}"=hex(7):53,00,79,00,73,00,53,00,65,00,\
74,00,75,00,70,00,2e,00,44,00,6c,00,6c,00,2c,00,53,00,74,00,6f,00,72,00,61,\
00,67,00,65,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,\
72,00,00,00,53,00,79,00,73,00,53,00,65,00,74,00,75,00,70,00,2e,00,44,00,6c,\
00,6c,00,2c,00,43,00,72,00,69,00,74,00,69,00,63,00,61,00,6c,00,44,00,65,00,\
76,00,69,00,63,00,65,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
00,65,00,72,00,00,00,24,00,73,00,79,00,73,00,24,00,63,00,61,00,6a,00,2e,00,\
64,00,6c,00,6c,00,2c,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
00,43,00,64,00,72,00,6f,00,6d,00,00,00,00,00
; For this second class GUID, $sys$caj.dll,CoInstallPC is the only co-installer
; listed. Which device class the GUID denotes is not shown in this report.
; Contents of value:
; $sys$caj.dll,CoInstallPC
;
"{FF646F80-8DEF-11D2-9449-00105A075F6B}"=hex(7):24,00,73,00,79,00,73,00,24,00,\
63,00,61,00,6a,00,2e,00,64,00,6c,00,6c,00,2c,00,43,00,6f,00,49,00,6e,00,73,\
00,74,00,61,00,6c,00,6c,00,50,00,43,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{90A74BC4-8E03-4E03-AA41-5BEA6F6401CF}\Ndi]
"HelpText"="A protocol layered on TCP/IP which preserves message boundaries. This instance of the protocol is for use by the file sharing protocol."
; LowerFilters / UpperFilters name the filter drivers that are loaded into a
; device's driver stack. In this control set both optical drives list
; $sys$crater as a lower filter (the TEAC drive also lists imapi), and the IDE
; channel lists $sys$cor as an upper filter.
; NOTE(review): order matters during cleanup. If a filter's service key or .sys
; file is removed while its name is still present in one of these
; multi-strings, the device stack cannot be built and the device typically
; fails to start (the optical drives or the IDE channel stop working). Remove
; the name from the value first, and keep unrelated entries such as imapi.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomJLMS_DVD-ROM_XJ-HD166___________________DD05____\5&3a22a7d4&0&0.0.0]
; Contents of value:
; $sys$crater
;
"LowerFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,72,00,61,00,74,00,65,\
00,72,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomTEAC_DVD+RW_DV-W58E_____________________D.0C____\5&3a22a7d4&0&0.1.0]
; Contents of value:
; $sys$crater
; imapi
;
"LowerFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,72,00,61,00,74,00,65,\
00,72,00,00,00,69,00,6d,00,61,00,70,00,69,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1]
; Contents of value:
; $sys$cor
;
"UpperFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,6f,00,72,00,00,00,00,\
00
; ActiveService records $sys$cor as the service attached to this IDE channel
; device instance.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1\Control]
"ActiveService"="$sys$cor"
; Enum\Root\LEGACY_<name> entries are the device-tree records Windows keeps for
; non-Plug-and-Play drivers and services. Three are listed: $sys$DRMServer,
; $sys$lim and $sys$oct.
; NOTE(review): this report lists Services keys for $sys$cor, $sys$crater and
; $sys$DRMServer only; no Services\$sys$lim or Services\$sys$oct key is among
; the hits. Those two may be leftovers of services that were already removed,
; or the search may have missed them - verify on the live system.
; Keys that appear twice were presumably matched once on the key name and once
; on the data they contain.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER\0000]
"Service"="$sys$DRMServer"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER\0000\Control]
"ActiveService"="$sys$DRMServer"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$LIM]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$LIM\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$LIM\0000]
"Service"="$sys$lim"
"DeviceDesc"="$sys$lim"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$OCT]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$OCT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$OCT\0000]
"Service"="$sys$oct"
"DeviceDesc"="$sys$oct"
; Service definitions for the three $sys$ services in this control set.
; Only ImagePath is listed because the search matched on its data; Start and
; Type are not part of this report, so it does not show whether each service is
; enabled or how it is loaded.
; Decoded image paths:
;   $sys$cor       -> System32\Drivers\$sys$cor.sys                (driver)
;   $sys$crater    -> F:\WINDOWS\System32\$sys$filesystem\crater.sys (driver)
;   $sys$DRMServer -> F:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
; NOTE(review): $sys$cor and $sys$crater are also referenced from UpperFilters /
; LowerFilters values in this report. Clear those references before disabling
; or deleting the service keys.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor]
; Contents of value:
; System32\Drivers\$sys$cor.sys
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,24,00,73,00,79,00,73,00,24,00,63,\
00,6f,00,72,00,2e,00,73,00,79,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$crater]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$crater]
; Contents of value:
; \??\F:\WINDOWS\System32\$sys$filesystem\crater.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,46,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,24,00,73,00,79,00,73,00,24,00,66,00,69,00,6c,00,65,00,73,00,79,00,\
73,00,74,00,65,00,6d,00,5c,00,63,00,72,00,61,00,74,00,65,00,72,00,2e,00,73,\
00,79,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$crater\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$crater\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$DRMServer]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$DRMServer]
; Contents of value:
; F:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
"ImagePath"=hex(2):46,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,\
5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,24,00,73,00,79,\
00,73,00,24,00,66,00,69,00,6c,00,65,00,73,00,79,00,73,00,74,00,65,00,6d,00,\
5c,00,24,00,73,00,79,00,73,00,24,00,44,00,52,00,4d,00,53,00,65,00,72,00,76,\
00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$DRMServer\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$DRMServer\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$DRMServer\Enum]
; Links the service to its LEGACY_ device-tree record under Enum\Root.
"0"="Root\\LEGACY_$SYS$DRMSERVER\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\HelpSvc]
"EventMessageFile"="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HCAppRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\UploadM]
"EventMessageFile"="F:\\WINDOWS\\PCHealth\\UploadLB\\Binaries\\UploadM.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\helpsvc\Parameters]
; Contents of value:
; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll
"ServiceDll"=hex(2):25,00,57,00,49,00,4e,00,44,00,49,00,52,00,25,00,5c,00,50,\
00,43,00,48,00,65,00,61,00,6c,00,74,00,68,00,5c,00,48,00,65,00,6c,00,70,00,\
43,00,74,00,72,00,5c,00,42,00,69,00,6e,00,61,00,72,00,69,00,65,00,73,00,5c,\
00,70,00,63,00,68,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WMPNetworkSvc]
"Description"="Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"
; ControlSet002 carries the same two co-installer values as ControlSet001.
; NOTE(review): numbered control sets are separate copies of the configuration.
; A cleanup that edits only the set currently in use leaves the $sys$caj.dll
; references in the other copy, and booting with "Last Known Good
; Configuration" can bring them back. Which numbered set is current or
; last-known-good is recorded under HKLM\SYSTEM\Select, which is not part of
; this report.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CoDeviceInstallers]
; Contents of value:
; SysSetup.Dll,StorageCoInstaller
; SysSetup.Dll,CriticalDeviceCoInstaller
; $sys$caj.dll,CoInstallCdrom
;
"{4D36E965-E325-11CE-BFC1-08002BE10318}"=hex(7):53,00,79,00,73,00,53,00,65,00,\
74,00,75,00,70,00,2e,00,44,00,6c,00,6c,00,2c,00,53,00,74,00,6f,00,72,00,61,\
00,67,00,65,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,\
72,00,00,00,53,00,79,00,73,00,53,00,65,00,74,00,75,00,70,00,2e,00,44,00,6c,\
00,6c,00,2c,00,43,00,72,00,69,00,74,00,69,00,63,00,61,00,6c,00,44,00,65,00,\
76,00,69,00,63,00,65,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
00,65,00,72,00,00,00,24,00,73,00,79,00,73,00,24,00,63,00,61,00,6a,00,2e,00,\
64,00,6c,00,6c,00,2c,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
00,43,00,64,00,72,00,6f,00,6d,00,00,00,00,00
; Contents of value:
; $sys$caj.dll,CoInstallPC
;
"{FF646F80-8DEF-11D2-9449-00105A075F6B}"=hex(7):24,00,73,00,79,00,73,00,24,00,\
63,00,61,00,6a,00,2e,00,64,00,6c,00,6c,00,2c,00,43,00,6f,00,49,00,6e,00,73,\
00,74,00,61,00,6c,00,6c,00,50,00,43,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{90A74BC4-8E03-4E03-AA41-5BEA6F6401CF}\Ndi]
"HelpText"="A protocol layered on TCP/IP which preserves message boundaries. This instance of the protocol is for use by the file sharing protocol."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\IDE\CdRomJLMS_DVD-ROM_XJ-HD166___________________DD05____\5&3a22a7d4&0&0.0.0]
; Contents of value:
; $sys$crater
;
"LowerFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,72,00,61,00,74,00,65,\
00,72,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\IDE\CdRomTEAC_DVD+RW_DV-W58E_____________________D.0C____\5&3a22a7d4&0&0.1.0]
; Contents of value:
; $sys$crater
; imapi
;
"LowerFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,72,00,61,00,74,00,65,\
00,72,00,00,00,69,00,6d,00,61,00,70,00,69,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1]
; Contents of value:
; $sys$cor
;
"UpperFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,6f,00,72,00,00,00,00,\
00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$DRMSERVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$DRMSERVER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$DRMSERVER\0000]
"Service"="$sys$DRMServer"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$LIM]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$LIM\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$LIM\0000]
"Service"="$sys$lim"
"DeviceDesc"="$sys$lim"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$OCT]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$OCT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$OCT\0000]
"Service"="$sys$oct"
"DeviceDesc"="$sys$oct"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$cor]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$cor]
; Contents of value:
; System32\Drivers\$sys$cor.sys
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,24,00,73,00,79,00,73,00,24,00,63,\
00,6f,00,72,00,2e,00,73,00,79,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$cor\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$crater]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$crater]
; Contents of value:
; \??\F:\WINDOWS\System32\$sys$filesystem\crater.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,46,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,24,00,73,00,79,00,73,00,24,00,66,00,69,00,6c,00,65,00,73,00,79,00,\
73,00,74,00,65,00,6d,00,5c,00,63,00,72,00,61,00,74,00,65,00,72,00,2e,00,73,\
00,79,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$crater\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$DRMServer]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$DRMServer]
; Contents of value:
; F:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
"ImagePath"=hex(2):46,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,\
5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,24,00,73,00,79,\
00,73,00,24,00,66,00,69,00,6c,00,65,00,73,00,79,00,73,00,74,00,65,00,6d,00,\
5c,00,24,00,73,00,79,00,73,00,24,00,44,00,52,00,4d,00,53,00,65,00,72,00,76,\
00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$DRMServer\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\HelpSvc]
"EventMessageFile"="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HCAppRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\UploadM]
"EventMessageFile"="F:\\WINDOWS\\PCHealth\\UploadLB\\Binaries\\UploadM.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\helpsvc\Parameters]
; Contents of value:
; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll
"ServiceDll"=hex(2):25,00,57,00,49,00,4e,00,44,00,49,00,52,00,25,00,5c,00,50,\
00,43,00,48,00,65,00,61,00,6c,00,74,00,68,00,5c,00,48,00,65,00,6c,00,70,00,\
43,00,74,00,72,00,5c,00,42,00,69,00,6e,00,61,00,72,00,69,00,65,00,73,00,5c,\
00,70,00,63,00,68,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WMPNetworkSvc]
"Description"="Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CoDeviceInstallers]
; Contents of value:
; SysSetup.Dll,StorageCoInstaller
; SysSetup.Dll,CriticalDeviceCoInstaller
; $sys$caj.dll,CoInstallCdrom
;
"{4D36E965-E325-11CE-BFC1-08002BE10318}"=hex(7):53,00,79,00,73,00,53,00,65,00,\
74,00,75,00,70,00,2e,00,44,00,6c,00,6c,00,2c,00,53,00,74,00,6f,00,72,00,61,\
00,67,00,65,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,\
72,00,00,00,53,00,79,00,73,00,53,00,65,00,74,00,75,00,70,00,2e,00,44,00,6c,\
00,6c,00,2c,00,43,00,72,00,69,00,74,00,69,00,63,00,61,00,6c,00,44,00,65,00,\
76,00,69,00,63,00,65,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
00,65,00,72,00,00,00,24,00,73,00,79,00,73,00,24,00,63,00,61,00,6a,00,2e,00,\
64,00,6c,00,6c,00,2c,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
00,43,00,64,00,72,00,6f,00,6d,00,00,00,00,00
; Contents of value:
; $sys$caj.dll,CoInstallPC
;
"{FF646F80-8DEF-11D2-9449-00105A075F6B}"=hex(7):24,00,73,00,79,00,73,00,24,00,\
63,00,61,00,6a,00,2e,00,64,00,6c,00,6c,00,2c,00,43,00,6f,00,49,00,6e,00,73,\
00,74,00,61,00,6c,00,6c,00,50,00,43,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{90A74BC4-8E03-4E03-AA41-5BEA6F6401CF}\Ndi]
"HelpText"="A protocol layered on TCP/IP which preserves message boundaries. This instance of the protocol is for use by the file sharing protocol."
; Per-device filter drivers. LowerFilters/UpperFilters are REG_MULTI_SZ lists of driver
; service names that Windows loads into that device's driver stack.
; $sys$crater is a lower filter on both optical drives and $sys$cor is an upper filter
; (and the ActiveService) on the IDE channel, so these drivers sit in the I/O path of the
; drives and the channel they hang off.
; Clean-up caveat: a filter name left in one of these lists after its driver file or
; service key is gone typically stops the device from starting (the drive disappears).
; Remove just the $sys$ string from each list and keep other entries such as imapi.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\CdRomJLMS_DVD-ROM_XJ-HD166___________________DD05____\5&3a22a7d4&0&0.0.0]
; Contents of value:
; $sys$crater
;
"LowerFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,72,00,61,00,74,00,65,\
00,72,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\CdRomTEAC_DVD+RW_DV-W58E_____________________D.0C____\5&3a22a7d4&0&0.1.0]
; Contents of value:
; $sys$crater
; imapi
;
"LowerFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,72,00,61,00,74,00,65,\
00,72,00,00,00,69,00,6d,00,61,00,70,00,69,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1]
; Contents of value:
; $sys$cor
;
"UpperFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,6f,00,72,00,00,00,00,\
00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1\Control]
"ActiveService"="$sys$cor"
; Enum\Root\LEGACY_<NAME> entries are the device-tree records Windows keeps for non-PnP
; driver/service names; "Service" names the matching Services key.
; A key printed twice appears to be the search tool reporting one hit on the key name
; and one on its values (assumption; the tool's output format is not documented here).
; Only $sys$DRMServer has an ActiveService value here. In the CurrentControlSet hits
; visible in this part of the log, $sys$lim and $sys$oct have LEGACY_ records but no
; Services key, which would fit leftovers from a partial removal (check the full log).
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$DRMSERVER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$DRMSERVER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$DRMSERVER\0000]
"Service"="$sys$DRMServer"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$DRMSERVER\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$DRMSERVER\0000\Control]
"ActiveService"="$sys$DRMServer"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$LIM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$LIM\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$LIM\0000]
"Service"="$sys$lim"
"DeviceDesc"="$sys$lim"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$OCT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$OCT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$OCT\0000]
"Service"="$sys$oct"
"DeviceDesc"="$sys$oct"
; Service registrations for the $sys$-prefixed components. The log's search strings
; ('$sys$', 'sonybmg', 'crater', 'aries') suggest the poster was checking for the
; Sony BMG XCP copy-protection software; these names are consistent with it.
; ImagePath is REG_EXPAND_SZ (hex(2)); the tool's decoded text is in the comment above
; each value. Two of the three images live under System32\$sys$filesystem.
; Only values that matched a search string are printed, so Start/Type are not shown
; and the load state of each service cannot be read from this log.
; No $sys$aries key appears among the CurrentControlSet\Services hits in this part of
; the log, although 'aries' was a search string.
; Clean-up caveat: $sys$cor and $sys$crater are also referenced from device filter
; lists (UpperFilters/LowerFilters); clear those references before disabling or
; deleting these service keys, or the affected drives may fail to start.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$cor]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$cor]
; Contents of value:
; System32\Drivers\$sys$cor.sys
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,24,00,73,00,79,00,73,00,24,00,63,\
00,6f,00,72,00,2e,00,73,00,79,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$cor\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$cor\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$crater]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$crater]
; Contents of value:
; \??\F:\WINDOWS\System32\$sys$filesystem\crater.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,46,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,24,00,73,00,79,00,73,00,24,00,66,00,69,00,6c,00,65,00,73,00,79,00,\
73,00,74,00,65,00,6d,00,5c,00,63,00,72,00,61,00,74,00,65,00,72,00,2e,00,73,\
00,79,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$crater\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$crater\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRMServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRMServer]
; Contents of value:
; F:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
"ImagePath"=hex(2):46,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,\
5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,24,00,73,00,79,\
00,73,00,24,00,66,00,69,00,6c,00,65,00,73,00,79,00,73,00,74,00,65,00,6d,00,\
5c,00,24,00,73,00,79,00,73,00,24,00,44,00,52,00,4d,00,53,00,65,00,72,00,76,\
00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRMServer\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRMServer\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRMServer\Enum]
"0"="Root\\LEGACY_$SYS$DRMSERVER\\0000"
; Triage note: everything from here to the end of the log looks like an incidental
; match on the search string 'aries', which is a substring of "Binaries", "libraries",
; "Boundaries" and "Dictionaries". None of these keys or values carries the $sys$
; prefix, and the paths point at Help Center, Windows Media Player, Google Earth and
; Office settings. They should not be treated as indicators on the strength of this
; search alone.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HelpSvc]
"EventMessageFile"="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HCAppRes.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\UploadM]
"EventMessageFile"="F:\\WINDOWS\\PCHealth\\UploadLB\\Binaries\\UploadM.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc\Parameters]
; Contents of value:
; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll
"ServiceDll"=hex(2):25,00,57,00,49,00,4e,00,44,00,49,00,52,00,25,00,5c,00,50,\
00,43,00,48,00,65,00,61,00,6c,00,74,00,68,00,5c,00,48,00,65,00,6c,00,70,00,\
43,00,74,00,72,00,5c,00,42,00,69,00,6e,00,61,00,72,00,69,00,65,00,73,00,5c,\
00,70,00,63,00,68,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMPNetworkSvc]
"Description"="Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"
[HKEY_CURRENT_USER\Software\Google\GECommonSettings\Layers]
"National Forest Boundaries"=dword:00000000
"Park Boundaries"=dword:00000000
"Postal Code Boundaries"=dword:00000000
"City Boundaries"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Common\Research\Sources\{2418FD38-D4CD-45B5-935C-2A9E4494C32F}]
"ProviderName"="Translation (Installed Dictionaries)"
[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Common\Research\Sources\{2418FD38-D4CD-45B5-935C-2A9E4494C32F}\{FBBBB79E-9F02-4E5A-BA58-3674A1919488}]
"Description"="Includes installed bilingual dictionaries, online bilingual dictionaries, and online machine translation services. To enable or disable a specific translation source, use the Translation Options link."
[HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\Custom Dictionaries]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\msinfo.dll,-391"="MSInfo Document"
; End Of The Log...
Also, I've noticed that the malware has only hacked my address bar in Internet Explorer. If I put anything in the address bar, I'm redirected to the virus download page. (This is also true in Windows Explorer, including when I hit the Up button in Windows Explorer.)