Nov 27th, 2013
  16. [#############################################################################]
  17. Analysis Report for npm8detector.dll
  18. MD5: 9a8657a61daeafd7053017103ab53cd6
  19. [#############################################################################]
  20.  
  21.  
  22. [=============================================================================]
  23. Table of Contents
  24. [=============================================================================]
  25.  
  26. - General information
  27. - dll_analysis.exe
  28. a) Registry Activities
  29. b) File Activities
  30. c) Process Activities
  31. d) Other Activities
  32. - regsvr32.exe
  33. a) Registry Activities
  34. b) File Activities
  35. - regsvr32.exe
  36. a) Registry Activities
  37. b) File Activities
  38. - regsvr32.exe
  39. a) Registry Activities
  40. b) File Activities
  41.  
  42.  
  43. [#############################################################################]
  44. 1. General Information
  45. [#############################################################################]
  46. [=============================================================================]
  47. Information about Anubis' invocation
  48. [=============================================================================]
  49. Time needed: 272 s
  50. Report created: 11/27/13, 15:01:42 UTC
  51. Termination reason: Timeout
  52. Program version: 1.76.3886
  53.  
  54.  
  55. [#############################################################################]
  56. 2. dll_analysis.exe
  57. [#############################################################################]
  58. [=============================================================================]
  59. General information about this executable
  60. [=============================================================================]
  61. Analysis Reason: Primary Analysis Subject
  62. Filename: dll_analysis.exe
  63. MD5: 9a8657a61daeafd7053017103ab53cd6
  64. SHA-1: fc8b94e5f708f992e88fce3d6071361046250250
  65. File Size: 303104 Bytes
  66. Command Line: "C:\\dll_analysis.exe" -d C:\npm8detect.exe
  67. Process-status
  68. at analysis end: alive
  69. Exit Code: 0
  70.  
  71. [=============================================================================]
  72. Load-time Dlls
  73. [=============================================================================]
  74. Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
  75. Base Address: [0x7C900000 ], Size: [0x000AF000 ]
  76. Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
  77. Base Address: [0x7C800000 ], Size: [0x000F6000 ]
  78. Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
  79. Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
  80. Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
  81. Base Address: [0x77E70000 ], Size: [0x00092000 ]
  82. Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
  83. Base Address: [0x77FE0000 ], Size: [0x00011000 ]
  84. Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
  85. Base Address: [0x77F60000 ], Size: [0x00076000 ]
  86. Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
  87. Base Address: [0x77F10000 ], Size: [0x00049000 ]
  88. Module Name: [ C:\WINDOWS\system32\USER32.dll ],
  89. Base Address: [0x7E410000 ], Size: [0x00091000 ]
  90. Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
  91. Base Address: [0x77C10000 ], Size: [0x00058000 ]
  92.  
  93. [=============================================================================]
  94. Run-time Dlls
  95. [=============================================================================]
  96. Module Name: [ C:\Program Files\Common Files\d1.tmp.dll ],
  97. Base Address: [0x10000000 ], Size: [0x00128000 ]
  98. Module Name: [ C:\WINDOWS\system32\WS2HELP.dll ],
  99. Base Address: [0x71AA0000 ], Size: [0x00008000 ]
  100. Module Name: [ C:\WINDOWS\system32\WS2_32.dll ],
  101. Base Address: [0x71AB0000 ], Size: [0x00017000 ]
  102. Module Name: [ C:\WINDOWS\system32\PSAPI.DLL ],
  103. Base Address: [0x76BF0000 ], Size: [0x0000B000 ]
  104. Module Name: [ C:\WINDOWS\system32\OLEAUT32.dll ],
  105. Base Address: [0x77120000 ], Size: [0x0008B000 ]
  106. Module Name: [ C:\WINDOWS\system32\WININET.dll ],
  107. Base Address: [0x771B0000 ], Size: [0x000AA000 ]
  108. Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ],
  109. Base Address: [0x773D0000 ], Size: [0x00103000 ]
  110. Module Name: [ C:\WINDOWS\system32\ole32.dll ],
  111. Base Address: [0x774E0000 ], Size: [0x0013D000 ]
  112. Module Name: [ C:\WINDOWS\system32\CRYPT32.dll ],
  113. Base Address: [0x77A80000 ], Size: [0x00095000 ]
  114. Module Name: [ C:\WINDOWS\system32\MSASN1.dll ],
  115. Base Address: [0x77B20000 ], Size: [0x00012000 ]
  116. Module Name: [ C:\WINDOWS\system32\Apphelp.dll ],
  117. Base Address: [0x77B40000 ], Size: [0x00022000 ]
  118. Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
  119. Base Address: [0x77C00000 ], Size: [0x00008000 ]
  120. Module Name: [ C:\WINDOWS\system32\urlmon.dll ],
  121. Base Address: [0x7E1E0000 ], Size: [0x000A2000 ]
  122.  
  123. [=============================================================================]
  124. Program output
  125. [=============================================================================]
  126. Stdout:
  127. Renaming input file to .\d1.tmp.dll
  128. found dll entry point at 0x10079ee0
  129. found NP_Shutdown at 0x10092ce0
  130. found NP_Initialize at 0x10092eb0
  131. found NP_GetEntryPoints at 0x10093090
  132. found DllCanUnloadNow at 0x10093300
  133. found DllGetClassObject at 0x100934b0
  134. found DllUnregisterServer at 0x100935e0
  135. found DllRegisterServer at 0x100936d0
  136. found DllInstall at 0x100937c0
  137. Dll is not a BHO
  138. Invoking regsvr32
  139. calling DllMain
  140. {
  141.  
  142. }
  143. done
  144. skip dll entry point at 0x10079ee0
  145. calling NP_Shutdown at 0x10092ce0
  146. {
  147.  
  148. }
  149. done (return value 0x0)
  150. calling NP_Initialize at 0x10092eb0
  151. {
  152.  
  153. }
  154. done (return value 0x0)
  155. calling NP_GetEntryPoints at 0x10093090
  156. {
  157.  
  158. }
  159. done (return value 0x0)
  160. calling DllCanUnloadNow at 0x10093300
  161. {
  162.  
  163. }
  164. done (return value 0x0)
  165. calling DllGetClassObject at 0x100934b0
  166. {
  167.  
  168. }
  169.  
  170. [=============================================================================]
  171. 2.a) dll_analysis.exe - Registry Activities
  172. [=============================================================================]
  173. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  174. Registry Values Read:
  175. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  176. Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ],
  177. Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time
  178. Key: [ HKLM\SYSTEM\WPA\MediaCenter ],
  179. Value Name: [ Installed ], Value: [ 0 ], 3 times
  180. Key: [ HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS ],
  181. Value Name: [ * ], Value: [ 1 ], 1 time
  182. Key: [ HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL ],
  183. Value Name: [ * ], Value: [ 1 ], 1 time
  184. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows ],
  185. Value Name: [ AppInit_DLLs ], Value: [ ], 1 time
  186. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
  187. Value Name: [ AuthenticodeEnabled ], Value: [ 0 ], 1 time
  188. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
  189. Value Name: [ DefaultLevel ], Value: [ 262144 ], 1 time
  190. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
  191. Value Name: [ PolicyScope ], Value: [ 0 ], 1 time
  192. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
  193. Value Name: [ TransparentEnabled ], Value: [ 1 ], 2 times
  194. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ],
  195. Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
  196. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ],
  197. Value Name: [ ItemData ], Value: [ 0x5eab304f957a49896a006c1c31154015 ], 1 time
  198. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ],
  199. Value Name: [ ItemSize ], Value: [ 779 ], 1 time
  200. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ],
  201. Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
  202. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ],
  203. Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
  204. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ],
  205. Value Name: [ ItemData ], Value: [ 0x67b0d48b343a3fd3bce9dc646704f394 ], 1 time
  206. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ],
  207. Value Name: [ ItemSize ], Value: [ 517 ], 1 time
  208. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ],
  209. Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
  210. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ],
  211. Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
  212. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ],
  213. Value Name: [ ItemData ], Value: [ 0x327802dcfef8c893dc8ab006dd847d1d ], 1 time
  214. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ],
  215. Value Name: [ ItemSize ], Value: [ 918 ], 1 time
  216. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ],
  217. Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
  218. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ],
  219. Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
  220. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ],
  221. Value Name: [ ItemData ], Value: [ 0xbd9a2adb42ebd8560e250e4df8162f67 ], 1 time
  222. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ],
  223. Value Name: [ ItemSize ], Value: [ 229 ], 1 time
  224. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ],
  225. Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
  226. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ],
  227. Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
  228. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ],
  229. Value Name: [ ItemData ], Value: [ 0x386b085f84ecf669d36b956a22c01e80 ], 1 time
  230. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ],
  231. Value Name: [ ItemSize ], Value: [ 370 ], 1 time
  232. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ],
  233. Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
  234. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} ],
  235. Value Name: [ ItemData ], Value: [ %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ], 1 time
  236. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} ],
  237. Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
  238. Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ],
  239. Value Name: [ TSAppCompat ], Value: [ 0 ], 1 time
  240. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters ],
  241. Value Name: [ WinSock_Registry_Version ], Value: [ 2.0 ], 2 times
  242. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
  243. Value Name: [ Num_Catalog_Entries ], Value: [ 3 ], 1 time
  244. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
  245. Value Name: [ Serial_Access_Num ], Value: [ 4 ], 2 times
  246. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  247. Value Name: [ DisplayString ], Value: [ Tcpip ], 4 times
  248. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  249. Value Name: [ Enabled ], Value: [ 1 ], 1 time
  250. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  251. Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\mswsock.dll ], 2 times
  252. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  253. Value Name: [ ProviderId ], Value: [ 0x409d05229e7ecf11ae5a00aa00a7112b ], 1 time
  254. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  255. Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
  256. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  257. Value Name: [ SupportedNameSpace ], Value: [ 12 ], 1 time
  258. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  259. Value Name: [ Version ], Value: [ 0 ], 1 time
  260. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  261. Value Name: [ DisplayString ], Value: [ NTDS ], 4 times
  262. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  263. Value Name: [ Enabled ], Value: [ 1 ], 1 time
  264. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  265. Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\winrnr.dll ], 2 times
  266. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  267. Value Name: [ ProviderId ], Value: [ 0xee37263b80e5cf11a55500c04fd8d4ac ], 1 time
  268. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  269. Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
  270. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  271. Value Name: [ SupportedNameSpace ], Value: [ 32 ], 1 time
  272. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  273. Value Name: [ Version ], Value: [ 0 ], 1 time
  274. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  275. Value Name: [ DisplayString ], Value: [ Network Location Awareness (NLA) Namespace ], 4 times
  276. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  277. Value Name: [ Enabled ], Value: [ 1 ], 1 time
  278. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  279. Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\mswsock.dll ], 2 times
  280. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  281. Value Name: [ ProviderId ], Value: [ 0x3a244266a83ba64abaa52e0bd71fdd83 ], 1 time
  282. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  283. Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
  284. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  285. Value Name: [ SupportedNameSpace ], Value: [ 15 ], 1 time
  286. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  287. Value Name: [ Version ], Value: [ 0 ], 1 time
  288. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
  289. Value Name: [ Next_Catalog_Entry_ID ], Value: [ 1020 ], 1 time
  290. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
  291. Value Name: [ Num_Catalog_Entries ], Value: [ 13 ], 1 time
  292. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
  293. Value Name: [ Serial_Access_Num ], Value: [ 6 ], 2 times
  294. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 ],
  295. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  296. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 ],
  297. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  298. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 ],
  299. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  300. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 ],
  301. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\rsvpsp.d ], 1 time
  302. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 ],
  303. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\rsvpsp.d ], 1 time
  304. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 ],
  305. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  306. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 ],
  307. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  308. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 ],
  309. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  310. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 ],
  311. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  312. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 ],
  313. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  314. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 ],
  315. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  316. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 ],
  317. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  318. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 ],
  319. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  320. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ],
  321. Value Name: [ Cache ], Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files ], 1 time
  322.  
  323. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  324. Monitored Registry Keys:
  325. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  326. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
  327. Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
  328. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
  329. Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
  330.  
  331.  
  332. [=============================================================================]
  333. 2.b) dll_analysis.exe - File Activities
  334. [=============================================================================]
  335. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  336. Files Renamed:
  337. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  338. Old File Name: [ C:\npm8detect.exe ], New File Name: [ C:\Program Files\Common Files\d1.tmp.dll ]
  339.  
  340. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  341. File System Control Communication:
  342. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  343. File: [ C:\Program Files\Common Files\ ], Control Code: [ 0x00090028 ], 1 time
  344.  
  345. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  346. Device Control Communication:
  347. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  348. File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 1 time
  349.  
  350. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  351. Memory Mapped Files:
  352. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  353. File Name: [ C:\Program Files\Common Files\d1.tmp.dll ]
  354. File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ]
  355. File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
  356. File Name: [ C:\WINDOWS\system32\Apphelp.dll ]
  357. File Name: [ C:\WINDOWS\system32\PSAPI.DLL ]
  358. File Name: [ C:\WINDOWS\system32\WININET.dll ]
  359. File Name: [ C:\WINDOWS\system32\WS2HELP.dll ]
  360. File Name: [ C:\WINDOWS\system32\WS2_32.dll ]
  361. File Name: [ C:\WINDOWS\system32\regsvr32.exe ]
  362. File Name: [ C:\WINDOWS\system32\urlmon.dll ]
  363. File Name: [ C:\Windows\AppPatch\sysmain.sdb ]
  364.  
  365. [=============================================================================]
  366. 2.c) dll_analysis.exe - Process Activities
  367. [=============================================================================]
  368. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  369. Processes Created:
  370. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  371. Executable: [ C:\WINDOWS\system32\regsvr32.exe ], Command Line: [ ]
  372. Executable: [ ], Command Line: [ regsvr32.exe /u /s .\d1.tmp.dll ]
  373. Executable: [ C:\WINDOWS\system32\regsvr32.exe ], Command Line: [ ]
  374. Executable: [ ], Command Line: [ regsvr32.exe /c /s .\d1.tmp.dll ]
  375. Executable: [ C:\WINDOWS\system32\regsvr32.exe ], Command Line: [ ]
  376. Executable: [ ], Command Line: [ regsvr32.exe /c /s .\d1.tmp.dll ]
  377.  
  378. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  379. Remote Threads Created:
  380. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  381. Affected Process: [ C:\WINDOWS\system32\regsvr32.exe ]
  382. Affected Process: [ C:\WINDOWS\system32\regsvr32.exe ]
  383. Affected Process: [ C:\WINDOWS\system32\regsvr32.exe ]
  384.  
  385. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  386. Foreign Memory Regions Read:
  387. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  388. Process: [ C:\WINDOWS\system32\regsvr32.exe ]
  389.  
  390. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  391. Foreign Memory Regions Written:
  392. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  393. Process: [ C:\WINDOWS\system32\regsvr32.exe ]
  394.  
  395.  
  396. [=============================================================================]
  397. 2.d) dll_analysis.exe - Other Activities
  398. [=============================================================================]
  399. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  400. Mutexes Created:
  401. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  402. Mutex: [ ZonesCacheCounterMutex ]
  403. Mutex: [ ZonesCounterMutex ]
  404. Mutex: [ ZonesLockedCacheCounterMutex ]
  405.  
  406. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  407. Windows SEH exceptions:
  408. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  409. Description: [ Exception 0xc0000005 (STATUS_ACCESS_VIOLATION) at 0x100a4400 ], 1 time
  410.  
  411. Description: [ Exception 0xc0000005 (STATUS_ACCESS_VIOLATION) at 0x100a43a0 ], 1 time
  412.  
  413. Description: [ Exception 0xc0000005 (STATUS_ACCESS_VIOLATION) at 0x10077dcd ], 1 time
  414.  
  415.  
  416.  
  417.  
  418. [#############################################################################]
  419. 3. regsvr32.exe
  420. [#############################################################################]
  421. [=============================================================================]
  422. General information about this executable
  423. [=============================================================================]
  424. Analysis Reason: Started by dll_analysis.exe
  425. Filename: regsvr32.exe
  426. MD5: fbdb9d0935b9907b809b381fddf1627f
  427. SHA-1: 14d7e5daa80a19fe18a8098e2fc56fe3aac52bd9
  428. File Size: 11776 Bytes
  429. Command Line: regsvr32.exe /u /s .\d1.tmp.dll
  430. Process-status
  431. at analysis end: dead
  432. Exit Code: 0
  433.  
  434. [=============================================================================]
  435. Load-time Dlls
  436. [=============================================================================]
  437. Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
  438. Base Address: [0x7C900000 ], Size: [0x000AF000 ]
  439. Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
  440. Base Address: [0x7C800000 ], Size: [0x000F6000 ]
  441. Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
  442. Base Address: [0x77C10000 ], Size: [0x00058000 ]
  443. Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
  444. Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
  445. Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
  446. Base Address: [0x77E70000 ], Size: [0x00092000 ]
  447. Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
  448. Base Address: [0x77FE0000 ], Size: [0x00011000 ]
  449. Module Name: [ C:\WINDOWS\system32\USER32.dll ],
  450. Base Address: [0x7E410000 ], Size: [0x00091000 ]
  451. Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
  452. Base Address: [0x77F10000 ], Size: [0x00049000 ]
  453. Module Name: [ C:\WINDOWS\system32\ole32.dll ],
  454. Base Address: [0x774E0000 ], Size: [0x0013D000 ]
  455. Module Name: [ C:\WINDOWS\system32\ShimEng.dll ],
  456. Base Address: [0x5CB70000 ], Size: [0x00026000 ]
  457. Module Name: [ C:\WINDOWS\AppPatch\AcGenral.DLL ],
  458. Base Address: [0x6F880000 ], Size: [0x001CA000 ]
  459. Module Name: [ C:\WINDOWS\system32\WINMM.dll ],
  460. Base Address: [0x76B40000 ], Size: [0x0002D000 ]
  461. Module Name: [ C:\WINDOWS\system32\OLEAUT32.dll ],
  462. Base Address: [0x77120000 ], Size: [0x0008B000 ]
  463. Module Name: [ C:\WINDOWS\system32\MSACM32.dll ],
  464. Base Address: [0x77BE0000 ], Size: [0x00015000 ]
  465. Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
  466. Base Address: [0x77C00000 ], Size: [0x00008000 ]
  467. Module Name: [ C:\WINDOWS\system32\SHELL32.dll ],
  468. Base Address: [0x7C9C0000 ], Size: [0x00817000 ]
  469. Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
  470. Base Address: [0x77F60000 ], Size: [0x00076000 ]
  471. Module Name: [ C:\WINDOWS\system32\USERENV.dll ],
  472. Base Address: [0x769C0000 ], Size: [0x000B4000 ]
  473. Module Name: [ C:\WINDOWS\system32\UxTheme.dll ],
  474. Base Address: [0x5AD70000 ], Size: [0x00038000 ]
  475. Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ],
  476. Base Address: [0x773D0000 ], Size: [0x00103000 ]
  477. Module Name: [ C:\WINDOWS\system32\comctl32.dll ],
  478. Base Address: [0x5D090000 ], Size: [0x0009A000 ]
  479.  
  480. [=============================================================================]
  481. Run-time Dlls
  482. [=============================================================================]
  483. Module Name: [ C:\Program Files\Common Files\d1.tmp.dll ],
  484. Base Address: [0x10000000 ], Size: [0x00128000 ]
  485. Module Name: [ C:\WINDOWS\system32\WS2HELP.dll ],
  486. Base Address: [0x71AA0000 ], Size: [0x00008000 ]
  487. Module Name: [ C:\WINDOWS\system32\WS2_32.dll ],
  488. Base Address: [0x71AB0000 ], Size: [0x00017000 ]
  489. Module Name: [ C:\WINDOWS\system32\MSCTF.dll ],
  490. Base Address: [0x74720000 ], Size: [0x0004C000 ]
  491. Module Name: [ C:\WINDOWS\system32\PSAPI.DLL ],
  492. Base Address: [0x76BF0000 ], Size: [0x0000B000 ]
  493. Module Name: [ C:\WINDOWS\system32\WININET.dll ],
  494. Base Address: [0x771B0000 ], Size: [0x000AA000 ]
  495. Module Name: [ C:\WINDOWS\system32\CRYPT32.dll ],
  496. Base Address: [0x77A80000 ], Size: [0x00095000 ]
  497. Module Name: [ C:\WINDOWS\system32\MSASN1.dll ],
  498. Base Address: [0x77B20000 ], Size: [0x00012000 ]
  499. Module Name: [ C:\WINDOWS\system32\urlmon.dll ],
  500. Base Address: [0x7E1E0000 ], Size: [0x000A2000 ]
  501.  
  502. [=============================================================================]
  503. 3.a) regsvr32.exe - Registry Activities
  504. [=============================================================================]
  505. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  506. Registry Keys Created:
  507. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  508. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\BPI.m8detector.1 ]
  509. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\BPI.m8detector.1\CLSID ]
  510. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\BPI.m8detector ]
  511. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\BPI.m8detector\CLSID ]
  512. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\BPI.m8detector\CurVer ]
  513. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  514. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\ProgID ]
  515. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\VersionIndependentProgID ]
  516. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\Programmable ]
  517. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\InprocServer32 ]
  518. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\Control ]
  519. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\MiscStatus ]
  520. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\MiscStatus\1 ]
  521. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\TypeLib ]
  522. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\Version ]
  523. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\MIME ]
  524. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\MIME\Database ]
  525. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\MIME\Database\Content Type ]
  526. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\MIME\Database\Content Type\application/x-m8detector ]
  527. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved ]
  528. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  529. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  530. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\iexplore ]
  531. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\iexplore\AllowedDomains ]
  532. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\iexplore\AllowedDomains\* ]
  533. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\MozillaPlugins ]
  534. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\MozillaPlugins\www.bridgepub.com/m8detector ]
  535.  
  536. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  537. Registry Values Modified:
  538. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  539. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\BPI.m8detector ],
  540. Value Name: [ ], New Value: [ Detects if device software is installed. ]
  541. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\BPI.m8detector.1 ],
  542. Value Name: [ ], New Value: [ Detects if device software is installed. ]
  543. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\BPI.m8detector.1\CLSID ],
  544. Value Name: [ ], New Value: [ {a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  545. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\BPI.m8detector\CLSID ],
  546. Value Name: [ ], New Value: [ {a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  547. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\BPI.m8detector\CurVer ],
  548. Value Name: [ ], New Value: [ BPI.m8detector.1 ]
  549. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0} ],
  550. Value Name: [ ], New Value: [ Detects if device software is installed. ]
  551. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0} ],
  552. Value Name: [ AppID ], New Value: [ {B415CD14-B45D-4BCA-B552-B06175C38606} ]
  553. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\InprocServer32 ],
  554. Value Name: [ ], New Value: [ C:\Program Files\Common Files\d1.tmp.dll ]
  555. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\InprocServer32 ],
  556. Value Name: [ ThreadingModel ], New Value: [ Apartment ]
  557. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\MiscStatus ],
  558. Value Name: [ ], New Value: [ 0 ]
  559. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\MiscStatus\1 ],
  560. Value Name: [ ], New Value: [ 131473 ]
  561. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\ProgID ],
  562. Value Name: [ ], New Value: [ BPI.m8detector.1 ]
  563. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\TypeLib ],
  564. Value Name: [ ], New Value: [ {1831BF10-DC9B-5DDA-B757-D0AC46194971} ]
  565. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\Version ],
  566. Value Name: [ ], New Value: [ 1 ]
  567. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\VersionIndependentProgID ],
  568. Value Name: [ ], New Value: [ BPI.m8detector ]
  569. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\MIME\Database\Content Type\application/x-m8detector ],
  570. Value Name: [ ], New Value: [ Detects if device software is installed. ]
  571. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\MIME\Database\Content Type\application/x-m8detector ],
  572. Value Name: [ CLSID ], New Value: [ {a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  573. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\MIME\Database\Content Type\application/x-m8detector ],
  574. Value Name: [ Extension ], New Value: [ ]
  575. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\iexplore ],
  576. Value Name: [ Count ], New Value: [ 0 ]
  577. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\MozillaPlugins\www.bridgepub.com/m8detector ],
  578. Value Name: [ Path ], New Value: [ C:\Program Files\Common Files\d1.tmp.dll ]
  579.  
  580. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  581. Registry Values Read:
  582. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  583. Key: [ HKLM\SOFTWARE\CLASSES\.DLL ],
  584. Value Name: [ ], Value: [ dllfile ], 1 time
  585. Key: [ HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ ],
  586. Value Name: [ CUAS ], Value: [ 0 ], 1 time
  587. Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ],
  588. Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time
  589. Key: [ HKLM\SYSTEM\Setup ],
  590. Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time
  591. Key: [ HKLM\SYSTEM\WPA\MediaCenter ],
  592. Value Name: [ Installed ], Value: [ 0 ], 1 time
  593. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ],
  594. Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000000204000014000000 ], 1 time
  595. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ],
  596. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  597. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ],
  598. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  599. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ],
  600. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  601. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ],
  602. Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000001100000014000000 ], 1 time
  603. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ],
  604. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  605. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ],
  606. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  607. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ],
  608. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  609. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ],
  610. Value Name: [ aFormatTagCache ], Value: [ 0x0100000010000000550000001e000000 ], 1 time
  611. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ],
  612. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  613. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ],
  614. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  615. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ],
  616. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  617. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ],
  618. Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000000200000032000000 ], 1 time
  619. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ],
  620. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  621. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ],
  622. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  623. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ],
  624. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  625. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ],
  626. Value Name: [ aFormatTagCache ], Value: [ 0x01000000120000006001000016000000610100001c000000 ], 1 time
  627. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ],
  628. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  629. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ],
  630. Value Name: [ cFormatTags ], Value: [ 3 ], 1 time
  631. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ],
  632. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  633. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ],
  634. Value Name: [ aFormatTagCache ], Value: [ 0x010000001000000006000000120000000700000012000000 ], 1 time
  635. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ],
  636. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  637. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ],
  638. Value Name: [ cFormatTags ], Value: [ 3 ], 1 time
  639. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ],
  640. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  641. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ],
  642. Value Name: [ aFormatTagCache ], Value: [ 0x0100000010000000420000001c000000 ], 1 time
  643. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ],
  644. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  645. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ],
  646. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  647. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ],
  648. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  649. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ],
  650. Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000003100000014000000 ], 1 time
  651. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ],
  652. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  653. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ],
  654. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  655. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ],
  656. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  657. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ],
  658. Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000003001000016000000 ], 1 time
  659. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ],
  660. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  661. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ],
  662. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  663. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ],
  664. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  665. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ],
  666. Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000002200000032000000 ], 1 time
  667. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ],
  668. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  669. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ],
  670. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  671. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ],
  672. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  673. Key: [ HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS ],
  674. Value Name: [ * ], Value: [ 1 ], 1 time
  675. Key: [ HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL ],
  676. Value Name: [ * ], Value: [ 1 ], 1 time
  677. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  678. Value Name: [ midimapper ], Value: [ ], 2 times
  679. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  680. Value Name: [ msacm.iac2 ], Value: [ ], 2 times
  681. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  682. Value Name: [ msacm.imaadpcm ], Value: [ ], 3 times
  683. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  684. Value Name: [ msacm.l3acm ], Value: [ ], 2 times
  685. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  686. Value Name: [ msacm.msadpcm ], Value: [ ], 3 times
  687. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  688. Value Name: [ msacm.msaudio1 ], Value: [ ], 3 times
  689. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  690. Value Name: [ msacm.msg711 ], Value: [ msg711.acm ], 3 times
  691. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  692. Value Name: [ msacm.msg723 ], Value: [ ], 3 times
  693. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  694. Value Name: [ msacm.msgsm610 ], Value: [ ], 3 times
  695. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  696. Value Name: [ msacm.sl_anet ], Value: [ sl_anet.acm ], 2 times
  697. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  698. Value Name: [ msacm.trspch ], Value: [ ], 3 times
  699. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  700. Value Name: [ vidc.I420 ], Value: [ ], 2 times
  701. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  702. Value Name: [ vidc.M261 ], Value: [ ], 2 times
  703. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  704. Value Name: [ vidc.M263 ], Value: [ ], 2 times
  705. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  706. Value Name: [ vidc.cvid ], Value: [ ], 2 times
  707. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  708. Value Name: [ vidc.iv31 ], Value: [ ], 2 times
  709. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  710. Value Name: [ vidc.iv32 ], Value: [ ], 2 times
  711. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  712. Value Name: [ vidc.iv41 ], Value: [ ], 2 times
  713. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  714. Value Name: [ vidc.iv50 ], Value: [ ], 1 time
  715. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  716. Value Name: [ vidc.iyuv ], Value: [ ], 2 times
  717. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  718. Value Name: [ vidc.mrle ], Value: [ ], 2 times
  719. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  720. Value Name: [ vidc.msvc ], Value: [ ], 2 times
  721. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  722. Value Name: [ vidc.uyvy ], Value: [ ], 2 times
  723. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  724. Value Name: [ vidc.yuy2 ], Value: [ ], 2 times
  725. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  726. Value Name: [ vidc.yvu9 ], Value: [ ], 2 times
  727. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  728. Value Name: [ vidc.yvyu ], Value: [ ], 2 times
  729. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  730. Value Name: [ wavemapper ], Value: [ ], 2 times
  731. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows ],
  732. Value Name: [ AppInit_DLLs ], Value: [ ], 1 time
  733. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
  734. Value Name: [ TransparentEnabled ], Value: [ 1 ], 1 time
  735. Key: [ HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm ],
  736. Value Name: [ wheel ], Value: [ 1 ], 1 time
  737. Key: [ HKLM\System\CurrentControlSet\Control\ProductOptions ],
  738. Value Name: [ ProductType ], Value: [ WinNT ], 1 time
  739. Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ],
  740. Value Name: [ TSAppCompat ], Value: [ 0 ], 1 time
  741. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters ],
  742. Value Name: [ WinSock_Registry_Version ], Value: [ 2.0 ], 2 times
  743. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
  744. Value Name: [ Num_Catalog_Entries ], Value: [ 3 ], 1 time
  745. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
  746. Value Name: [ Serial_Access_Num ], Value: [ 4 ], 2 times
  747. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  748. Value Name: [ DisplayString ], Value: [ Tcpip ], 4 times
  749. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  750. Value Name: [ Enabled ], Value: [ 1 ], 1 time
  751. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  752. Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\mswsock.dll ], 2 times
  753. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  754. Value Name: [ ProviderId ], Value: [ 0x409d05229e7ecf11ae5a00aa00a7112b ], 1 time
  755. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  756. Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
  757. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  758. Value Name: [ SupportedNameSpace ], Value: [ 12 ], 1 time
  759. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  760. Value Name: [ Version ], Value: [ 0 ], 1 time
  761. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  762. Value Name: [ DisplayString ], Value: [ NTDS ], 4 times
  763. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  764. Value Name: [ Enabled ], Value: [ 1 ], 1 time
  765. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  766. Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\winrnr.dll ], 2 times
  767. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  768. Value Name: [ ProviderId ], Value: [ 0xee37263b80e5cf11a55500c04fd8d4ac ], 1 time
  769. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  770. Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
  771. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  772. Value Name: [ SupportedNameSpace ], Value: [ 32 ], 1 time
  773. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  774. Value Name: [ Version ], Value: [ 0 ], 1 time
  775. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  776. Value Name: [ DisplayString ], Value: [ Network Location Awareness (NLA) Namespace ], 4 times
  777. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  778. Value Name: [ Enabled ], Value: [ 1 ], 1 time
  779. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  780. Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\mswsock.dll ], 2 times
  781. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  782. Value Name: [ ProviderId ], Value: [ 0x3a244266a83ba64abaa52e0bd71fdd83 ], 1 time
  783. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  784. Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
  785. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  786. Value Name: [ SupportedNameSpace ], Value: [ 15 ], 1 time
  787. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  788. Value Name: [ Version ], Value: [ 0 ], 1 time
  789. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
  790. Value Name: [ Next_Catalog_Entry_ID ], Value: [ 1020 ], 1 time
  791. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
  792. Value Name: [ Num_Catalog_Entries ], Value: [ 13 ], 1 time
  793. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
  794. Value Name: [ Serial_Access_Num ], Value: [ 6 ], 2 times
  795. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 ],
  796. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  797. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 ],
  798. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  799. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 ],
  800. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  801. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 ],
  802. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\rsvpsp.d ], 1 time
  803. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 ],
  804. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\rsvpsp.d ], 1 time
  805. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 ],
  806. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  807. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 ],
  808. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  809. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 ],
  810. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  811. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 ],
  812. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  813. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 ],
  814. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  815. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 ],
  816. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  817. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 ],
  818. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  819. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 ],
  820. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  821. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
  822. Value Name: [ Language Hotkey ], Value: [ 1 ], 2 times
  823. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
  824. Value Name: [ Layout Hotkey ], Value: [ 2 ], 2 times
  825. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Multimedia\Audio ],
  826. Value Name: [ SystemFormats ], Value: [ CD Quality,Radio Quality,Telephone Quality ], 1 time
  827. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ],
  828. Value Name: [ Local Settings ], Value: [ %USERPROFILE%\Local Settings ], 1 time
  829. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ],
  830. Value Name: [ Personal ], Value: [ %USERPROFILE%\My Documents ], 1 time
  831.  
  832. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  833. Monitored Registry Keys:
  834. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  835. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
  836. Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
  837. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
  838. Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
  839.  
  840.  
  841. [=============================================================================]
  842. 3.b) regsvr32.exe - File Activities
  843. [=============================================================================]
  844. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  845. Files Read:
  846. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  847. File Name: [ C:\Program Files\Common Files\d1.tmp.dll ]
  848.  
  849. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  850. File System Control Communication:
  851. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  852. File: [ C:\Program Files\Common Files\ ], Control Code: [ 0x00090028 ], 1 time
  853.  
  854. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  855. Device Control Communication:
  856. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  857. File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 8 times
  858.  
  859. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  860. Memory Mapped Files:
  861. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  862. File Name: [ C:\Program Files\Common Files\d1.tmp.dll ]
  863. File Name: [ C:\WINDOWS\AppPatch\AcGenral.DLL ]
  864. File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ]
  865. File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
  866. File Name: [ C:\WINDOWS\system32\MSACM32.dll ]
  867. File Name: [ C:\WINDOWS\system32\MSCTF.dll ]
  868. File Name: [ C:\WINDOWS\system32\PSAPI.DLL ]
  869. File Name: [ C:\WINDOWS\system32\SHELL32.dll ]
  870. File Name: [ C:\WINDOWS\system32\ShimEng.dll ]
  871. File Name: [ C:\WINDOWS\system32\UxTheme.dll ]
  872. File Name: [ C:\WINDOWS\system32\WININET.dll ]
  873. File Name: [ C:\WINDOWS\system32\WINMM.dll ]
  874. File Name: [ C:\WINDOWS\system32\WS2HELP.dll ]
  875. File Name: [ C:\WINDOWS\system32\WS2_32.dll ]
  876. File Name: [ C:\WINDOWS\system32\comctl32.dll ]
  877. File Name: [ C:\WINDOWS\system32\imm32.dll ]
  878. File Name: [ C:\WINDOWS\system32\rpcss.dll ]
  879. File Name: [ C:\WINDOWS\system32\urlmon.dll ]
  880. File Name: [ C:\Windows\AppPatch\sysmain.sdb ]
  881.  
  882.  
  883. [#############################################################################]
  884. 4. regsvr32.exe
  885. [#############################################################################]
  886. [=============================================================================]
  887. General information about this executable
  888. [=============================================================================]
  889. Analysis Reason: Started by dll_analysis.exe
  890. Filename: regsvr32.exe
  891. Command Line: regsvr32.exe /c /s .\d1.tmp.dll
  892. Process-status
  893. at analysis end: dead
  894. Exit Code: 0
  895.  
  896. [=============================================================================]
  897. Load-time Dlls
  898. [=============================================================================]
  899. Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
  900. Base Address: [0x7C900000 ], Size: [0x000AF000 ]
  901. Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
  902. Base Address: [0x7C800000 ], Size: [0x000F6000 ]
  903. Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
  904. Base Address: [0x77C10000 ], Size: [0x00058000 ]
  905. Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
  906. Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
  907. Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
  908. Base Address: [0x77E70000 ], Size: [0x00092000 ]
  909. Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
  910. Base Address: [0x77FE0000 ], Size: [0x00011000 ]
  911. Module Name: [ C:\WINDOWS\system32\USER32.dll ],
  912. Base Address: [0x7E410000 ], Size: [0x00091000 ]
  913. Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
  914. Base Address: [0x77F10000 ], Size: [0x00049000 ]
  915. Module Name: [ C:\WINDOWS\system32\ole32.dll ],
  916. Base Address: [0x774E0000 ], Size: [0x0013D000 ]
  917. Module Name: [ C:\WINDOWS\system32\ShimEng.dll ],
  918. Base Address: [0x5CB70000 ], Size: [0x00026000 ]
  919. Module Name: [ C:\WINDOWS\AppPatch\AcGenral.DLL ],
  920. Base Address: [0x6F880000 ], Size: [0x001CA000 ]
  921. Module Name: [ C:\WINDOWS\system32\WINMM.dll ],
  922. Base Address: [0x76B40000 ], Size: [0x0002D000 ]
  923. Module Name: [ C:\WINDOWS\system32\OLEAUT32.dll ],
  924. Base Address: [0x77120000 ], Size: [0x0008B000 ]
  925. Module Name: [ C:\WINDOWS\system32\MSACM32.dll ],
  926. Base Address: [0x77BE0000 ], Size: [0x00015000 ]
  927. Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
  928. Base Address: [0x77C00000 ], Size: [0x00008000 ]
  929. Module Name: [ C:\WINDOWS\system32\SHELL32.dll ],
  930. Base Address: [0x7C9C0000 ], Size: [0x00817000 ]
  931. Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
  932. Base Address: [0x77F60000 ], Size: [0x00076000 ]
  933. Module Name: [ C:\WINDOWS\system32\USERENV.dll ],
  934. Base Address: [0x769C0000 ], Size: [0x000B4000 ]
  935. Module Name: [ C:\WINDOWS\system32\UxTheme.dll ],
  936. Base Address: [0x5AD70000 ], Size: [0x00038000 ]
  937. Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ],
  938. Base Address: [0x773D0000 ], Size: [0x00103000 ]
  939. Module Name: [ C:\WINDOWS\system32\comctl32.dll ],
  940. Base Address: [0x5D090000 ], Size: [0x0009A000 ]
  941.  
  942. [=============================================================================]
  943. Run-time Dlls
  944. [=============================================================================]
  945. Module Name: [ C:\Program Files\Common Files\d1.tmp.dll ],
  946. Base Address: [0x10000000 ], Size: [0x00128000 ]
  947. Module Name: [ C:\WINDOWS\system32\WS2HELP.dll ],
  948. Base Address: [0x71AA0000 ], Size: [0x00008000 ]
  949. Module Name: [ C:\WINDOWS\system32\WS2_32.dll ],
  950. Base Address: [0x71AB0000 ], Size: [0x00017000 ]
  951. Module Name: [ C:\WINDOWS\system32\MSCTF.dll ],
  952. Base Address: [0x74720000 ], Size: [0x0004C000 ]
  953. Module Name: [ C:\WINDOWS\system32\PSAPI.DLL ],
  954. Base Address: [0x76BF0000 ], Size: [0x0000B000 ]
  955. Module Name: [ C:\WINDOWS\system32\WININET.dll ],
  956. Base Address: [0x771B0000 ], Size: [0x000AA000 ]
  957. Module Name: [ C:\WINDOWS\system32\CRYPT32.dll ],
  958. Base Address: [0x77A80000 ], Size: [0x00095000 ]
  959. Module Name: [ C:\WINDOWS\system32\MSASN1.dll ],
  960. Base Address: [0x77B20000 ], Size: [0x00012000 ]
  961. Module Name: [ C:\WINDOWS\system32\urlmon.dll ],
  962. Base Address: [0x7E1E0000 ], Size: [0x000A2000 ]
  963.  
  964. [=============================================================================]
  965. 4.a) regsvr32.exe - Registry Activities
  966. [=============================================================================]
  967. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  968. Registry Keys Created:
  969. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  970. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\AppID ]
  971. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\AppID\{B415CD14-B45D-4BCA-B552-B06175C38606} ]
  972. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\AppID\npm8detector.dll ]
  973. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  974. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\ProgID ]
  975. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\VersionIndependentProgID ]
  976. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\Programmable ]
  977. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\InprocServer32 ]
  978. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\Control ]
  979. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\MiscStatus ]
  980. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\MiscStatus\1 ]
  981. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\TypeLib ]
  982. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\Version ]
  983. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  984. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  985. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\iexplore ]
  986. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\iexplore\AllowedDomains ]
  987. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\iexplore\AllowedDomains\* ]
  988. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\MozillaPlugins\www.bridgepub.com/m8detector ]
  989. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\TypeLib ]
  990. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\TypeLib\{1831BF10-DC9B-5DDA-B757-D0AC46194971} ]
  991. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\TypeLib\{1831BF10-DC9B-5DDA-B757-D0AC46194971}\1.0 ]
  992. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\TypeLib\{1831BF10-DC9B-5DDA-B757-D0AC46194971}\1.0\FLAGS ]
  993. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\TypeLib\{1831BF10-DC9B-5DDA-B757-D0AC46194971}\1.0\0 ]
  994. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\TypeLib\{1831BF10-DC9B-5DDA-B757-D0AC46194971}\1.0\0\win32 ]
  995. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\TypeLib\{1831BF10-DC9B-5DDA-B757-D0AC46194971}\1.0\HELPDIR ]
  996. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface ]
  997. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{44B4F3E0-AE22-56F3-8EA7-4B7F223018B7} ]
  998. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{44B4F3E0-AE22-56F3-8EA7-4B7F223018B7}\ProxyStubClsid ]
  999. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{44B4F3E0-AE22-56F3-8EA7-4B7F223018B7}\ProxyStubClsid32 ]
  1000. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{44B4F3E0-AE22-56F3-8EA7-4B7F223018B7}\TypeLib ]
  1001. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9793AC59-30B6-5599-BC51-1C45405B98A2} ]
  1002. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9793AC59-30B6-5599-BC51-1C45405B98A2}\ProxyStubClsid ]
  1003. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9793AC59-30B6-5599-BC51-1C45405B98A2}\ProxyStubClsid32 ]
  1004. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9793AC59-30B6-5599-BC51-1C45405B98A2}\TypeLib ]
  1005. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9377FF11-559F-5C42-86C3-6EC4B5F32CA2} ]
  1006. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9377FF11-559F-5C42-86C3-6EC4B5F32CA2}\ProxyStubClsid ]
  1007. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9377FF11-559F-5C42-86C3-6EC4B5F32CA2}\ProxyStubClsid32 ]
  1008. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9377FF11-559F-5C42-86C3-6EC4B5F32CA2}\TypeLib ]
  1009.  
  1010. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1011. Registry Keys Deleted:
  1012. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1013. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\Control ]
  1014. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\InprocServer32 ]
  1015. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\MiscStatus\1 ]
  1016. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\MiscStatus ]
  1017. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\ProgID ]
  1018. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\Programmable ]
  1019. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\TypeLib ]
  1020. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\Version ]
  1021. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\VersionIndependentProgID ]
  1022. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  1023. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  1024. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\iexplore\AllowedDomains\* ]
  1025. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\iexplore\AllowedDomains ]
  1026. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\iexplore ]
  1027. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  1028. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\MozillaPlugins\www.bridgepub.com/m8detector ]
  1029.  
  1030. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1031. Registry Values Modified:
  1032. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1033. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\AppID\npm8detector.dll ],
  1034. Value Name: [ AppID ], New Value: [ {B415CD14-B45D-4BCA-B552-B06175C38606} ]
  1035. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\AppID\{B415CD14-B45D-4BCA-B552-B06175C38606} ],
  1036. Value Name: [ ], New Value: [ FireBreathWin ]
  1037. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\BPI.m8detector ],
  1038. Value Name: [ ], New Value: [ Detects if device software is installed. ]
  1039. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\BPI.m8detector.1 ],
  1040. Value Name: [ ], New Value: [ Detects if device software is installed. ]
  1041. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\BPI.m8detector.1\CLSID ],
  1042. Value Name: [ ], New Value: [ {a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  1043. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\BPI.m8detector\CLSID ],
  1044. Value Name: [ ], New Value: [ {a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  1045. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\BPI.m8detector\CurVer ],
  1046. Value Name: [ ], New Value: [ BPI.m8detector.1 ]
  1047. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0} ],
  1048. Value Name: [ ], New Value: [ Detects if device software is installed. ]
  1049. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0} ],
  1050. Value Name: [ AppID ], New Value: [ {B415CD14-B45D-4BCA-B552-B06175C38606} ]
  1051. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\InprocServer32 ],
  1052. Value Name: [ ], New Value: [ C:\Program Files\Common Files\d1.tmp.dll ]
  1053. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\InprocServer32 ],
  1054. Value Name: [ ThreadingModel ], New Value: [ Apartment ]
  1055. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\MiscStatus ],
  1056. Value Name: [ ], New Value: [ 0 ]
  1057. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\MiscStatus\1 ],
  1058. Value Name: [ ], New Value: [ 131473 ]
  1059. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\ProgID ],
  1060. Value Name: [ ], New Value: [ BPI.m8detector.1 ]
  1061. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\TypeLib ],
  1062. Value Name: [ ], New Value: [ {1831BF10-DC9B-5DDA-B757-D0AC46194971} ]
  1063. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\Version ],
  1064. Value Name: [ ], New Value: [ 1 ]
  1065. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\VersionIndependentProgID ],
  1066. Value Name: [ ], New Value: [ BPI.m8detector ]
  1067. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\MIME\Database\Content Type\application/x-m8detector ],
  1068. Value Name: [ ], New Value: [ Detects if device software is installed. ]
  1069. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\MIME\Database\Content Type\application/x-m8detector ],
  1070. Value Name: [ CLSID ], New Value: [ {a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  1071. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\MIME\Database\Content Type\application/x-m8detector ],
  1072. Value Name: [ Extension ], New Value: [ ]
  1073. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\iexplore ],
  1074. Value Name: [ Count ], New Value: [ 0 ]
  1075. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\MozillaPlugins\www.bridgepub.com/m8detector ],
  1076. Value Name: [ Path ], New Value: [ C:\Program Files\Common Files\d1.tmp.dll ]
  1077. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{44B4F3E0-AE22-56F3-8EA7-4B7F223018B7} ],
  1078. Value Name: [ ], New Value: [ IFBControl ]
  1079. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{44B4F3E0-AE22-56F3-8EA7-4B7F223018B7}\ProxyStubClsid ],
  1080. Value Name: [ ], New Value: [ {00020424-0000-0000-C000-000000000046} ]
  1081. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{44B4F3E0-AE22-56F3-8EA7-4B7F223018B7}\ProxyStubClsid32 ],
  1082. Value Name: [ ], New Value: [ {00020424-0000-0000-C000-000000000046} ]
  1083. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{44B4F3E0-AE22-56F3-8EA7-4B7F223018B7}\TypeLib ],
  1084. Value Name: [ ], New Value: [ {1831BF10-DC9B-5DDA-B757-D0AC46194971} ]
  1085. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{44B4F3E0-AE22-56F3-8EA7-4B7F223018B7}\TypeLib ],
  1086. Value Name: [ Version ], New Value: [ 1.0 ]
  1087. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9377FF11-559F-5C42-86C3-6EC4B5F32CA2} ],
  1088. Value Name: [ ], New Value: [ IFBComEventSource ]
  1089. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9377FF11-559F-5C42-86C3-6EC4B5F32CA2}\ProxyStubClsid ],
  1090. Value Name: [ ], New Value: [ {00020420-0000-0000-C000-000000000046} ]
  1091. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9377FF11-559F-5C42-86C3-6EC4B5F32CA2}\ProxyStubClsid32 ],
  1092. Value Name: [ ], New Value: [ {00020420-0000-0000-C000-000000000046} ]
  1093. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9377FF11-559F-5C42-86C3-6EC4B5F32CA2}\TypeLib ],
  1094. Value Name: [ ], New Value: [ {1831BF10-DC9B-5DDA-B757-D0AC46194971} ]
  1095. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9377FF11-559F-5C42-86C3-6EC4B5F32CA2}\TypeLib ],
  1096. Value Name: [ Version ], New Value: [ 1.0 ]
  1097. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9793AC59-30B6-5599-BC51-1C45405B98A2} ],
  1098. Value Name: [ ], New Value: [ IFBComJavascriptObject ]
  1099. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9793AC59-30B6-5599-BC51-1C45405B98A2}\ProxyStubClsid ],
  1100. Value Name: [ ], New Value: [ {00020424-0000-0000-C000-000000000046} ]
  1101. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9793AC59-30B6-5599-BC51-1C45405B98A2}\ProxyStubClsid32 ],
  1102. Value Name: [ ], New Value: [ {00020424-0000-0000-C000-000000000046} ]
  1103. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9793AC59-30B6-5599-BC51-1C45405B98A2}\TypeLib ],
  1104. Value Name: [ ], New Value: [ {1831BF10-DC9B-5DDA-B757-D0AC46194971} ]
  1105. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9793AC59-30B6-5599-BC51-1C45405B98A2}\TypeLib ],
  1106. Value Name: [ Version ], New Value: [ 1.0 ]
  1107. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\TypeLib\{1831BF10-DC9B-5DDA-B757-D0AC46194971}\1.0 ],
  1108. Value Name: [ ], New Value: [ m8detector 1.0 Type Library ]
  1109. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\TypeLib\{1831BF10-DC9B-5DDA-B757-D0AC46194971}\1.0\0\win32 ],
  1110. Value Name: [ ], New Value: [ C:\Program Files\Common Files\d1.tmp.dll ]
  1111. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\TypeLib\{1831BF10-DC9B-5DDA-B757-D0AC46194971}\1.0\FLAGS ],
  1112. Value Name: [ ], New Value: [ 0 ]
  1113. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\TypeLib\{1831BF10-DC9B-5DDA-B757-D0AC46194971}\1.0\HELPDIR ],
  1114. Value Name: [ ], New Value: [ C:\Program Files\Common Files ]
  1115.  
  1116. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1117. Registry Values Read:
  1118. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1119. Key: [ HKLM\SOFTWARE\CLASSES\.DLL ],
  1120. Value Name: [ ], Value: [ dllfile ], 1 time
  1121. Key: [ HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ ],
  1122. Value Name: [ CUAS ], Value: [ 0 ], 1 time
  1123. Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ],
  1124. Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time
  1125. Key: [ HKLM\SYSTEM\Setup ],
  1126. Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time
  1127. Key: [ HKLM\SYSTEM\WPA\MediaCenter ],
  1128. Value Name: [ Installed ], Value: [ 0 ], 1 time
  1129. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ],
  1130. Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000000204000014000000 ], 1 time
  1131. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ],
  1132. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  1133. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ],
  1134. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  1135. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ],
  1136. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  1137. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ],
  1138. Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000001100000014000000 ], 1 time
  1139. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ],
  1140. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  1141. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ],
  1142. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  1143. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ],
  1144. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  1145. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ],
  1146. Value Name: [ aFormatTagCache ], Value: [ 0x0100000010000000550000001e000000 ], 1 time
  1147. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ],
  1148. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  1149. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ],
  1150. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  1151. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ],
  1152. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  1153. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ],
  1154. Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000000200000032000000 ], 1 time
  1155. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ],
  1156. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  1157. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ],
  1158. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  1159. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ],
  1160. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  1161. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ],
  1162. Value Name: [ aFormatTagCache ], Value: [ 0x01000000120000006001000016000000610100001c000000 ], 1 time
  1163. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ],
  1164. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  1165. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ],
  1166. Value Name: [ cFormatTags ], Value: [ 3 ], 1 time
  1167. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ],
  1168. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  1169. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ],
  1170. Value Name: [ aFormatTagCache ], Value: [ 0x010000001000000006000000120000000700000012000000 ], 1 time
  1171. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ],
  1172. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  1173. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ],
  1174. Value Name: [ cFormatTags ], Value: [ 3 ], 1 time
  1175. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ],
  1176. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  1177. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ],
  1178. Value Name: [ aFormatTagCache ], Value: [ 0x0100000010000000420000001c000000 ], 1 time
  1179. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ],
  1180. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  1181. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ],
  1182. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  1183. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ],
  1184. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  1185. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ],
  1186. Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000003100000014000000 ], 1 time
  1187. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ],
  1188. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  1189. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ],
  1190. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  1191. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ],
  1192. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  1193. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ],
  1194. Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000003001000016000000 ], 1 time
  1195. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ],
  1196. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  1197. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ],
  1198. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  1199. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ],
  1200. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  1201. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ],
  1202. Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000002200000032000000 ], 1 time
  1203. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ],
  1204. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  1205. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ],
  1206. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  1207. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ],
  1208. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  1209. Key: [ HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS ],
  1210. Value Name: [ * ], Value: [ 1 ], 1 time
  1211. Key: [ HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL ],
  1212. Value Name: [ * ], Value: [ 1 ], 1 time
  1213. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1214. Value Name: [ midimapper ], Value: [ ], 2 times
  1215. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1216. Value Name: [ msacm.iac2 ], Value: [ ], 2 times
  1217. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1218. Value Name: [ msacm.imaadpcm ], Value: [ ], 3 times
  1219. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1220. Value Name: [ msacm.l3acm ], Value: [ ], 2 times
  1221. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1222. Value Name: [ msacm.msadpcm ], Value: [ ], 3 times
  1223. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1224. Value Name: [ msacm.msaudio1 ], Value: [ ], 3 times
  1225. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1226. Value Name: [ msacm.msg711 ], Value: [ msg711.acm ], 3 times
  1227. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1228. Value Name: [ msacm.msg723 ], Value: [ ], 3 times
  1229. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1230. Value Name: [ msacm.msgsm610 ], Value: [ ], 3 times
  1231. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1232. Value Name: [ msacm.sl_anet ], Value: [ sl_anet.acm ], 2 times
  1233. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1234. Value Name: [ msacm.trspch ], Value: [ ], 3 times
  1235. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1236. Value Name: [ vidc.I420 ], Value: [ ], 2 times
  1237. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1238. Value Name: [ vidc.M261 ], Value: [ ], 2 times
  1239. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1240. Value Name: [ vidc.M263 ], Value: [ ], 2 times
  1241. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1242. Value Name: [ vidc.cvid ], Value: [ ], 2 times
  1243. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1244. Value Name: [ vidc.iv31 ], Value: [ ], 2 times
  1245. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1246. Value Name: [ vidc.iv32 ], Value: [ ], 2 times
  1247. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1248. Value Name: [ vidc.iv41 ], Value: [ ], 2 times
  1249. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1250. Value Name: [ vidc.iv50 ], Value: [ ], 1 time
  1251. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1252. Value Name: [ vidc.iyuv ], Value: [ ], 2 times
  1253. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1254. Value Name: [ vidc.mrle ], Value: [ ], 2 times
  1255. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1256. Value Name: [ vidc.msvc ], Value: [ ], 2 times
  1257. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1258. Value Name: [ vidc.uyvy ], Value: [ ], 2 times
  1259. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1260. Value Name: [ vidc.yuy2 ], Value: [ ], 2 times
  1261. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1262. Value Name: [ vidc.yvu9 ], Value: [ ], 2 times
  1263. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1264. Value Name: [ vidc.yvyu ], Value: [ ], 2 times
  1265. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1266. Value Name: [ wavemapper ], Value: [ ], 2 times
  1267. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows ],
  1268. Value Name: [ AppInit_DLLs ], Value: [ ], 1 time
  1269. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
  1270. Value Name: [ TransparentEnabled ], Value: [ 1 ], 1 time
  1271. Key: [ HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm ],
  1272. Value Name: [ wheel ], Value: [ 1 ], 1 time
  1273. Key: [ HKLM\System\CurrentControlSet\Control\ProductOptions ],
  1274. Value Name: [ ProductType ], Value: [ WinNT ], 1 time
  1275. Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ],
  1276. Value Name: [ TSAppCompat ], Value: [ 0 ], 1 time
  1277. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters ],
  1278. Value Name: [ WinSock_Registry_Version ], Value: [ 2.0 ], 2 times
  1279. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
  1280. Value Name: [ Num_Catalog_Entries ], Value: [ 3 ], 1 time
  1281. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
  1282. Value Name: [ Serial_Access_Num ], Value: [ 4 ], 2 times
  1283. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  1284. Value Name: [ DisplayString ], Value: [ Tcpip ], 4 times
  1285. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  1286. Value Name: [ Enabled ], Value: [ 1 ], 1 time
  1287. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  1288. Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\mswsock.dll ], 2 times
  1289. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  1290. Value Name: [ ProviderId ], Value: [ 0x409d05229e7ecf11ae5a00aa00a7112b ], 1 time
  1291. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  1292. Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
  1293. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  1294. Value Name: [ SupportedNameSpace ], Value: [ 12 ], 1 time
  1295. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  1296. Value Name: [ Version ], Value: [ 0 ], 1 time
  1297. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  1298. Value Name: [ DisplayString ], Value: [ NTDS ], 4 times
  1299. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  1300. Value Name: [ Enabled ], Value: [ 1 ], 1 time
  1301. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  1302. Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\winrnr.dll ], 2 times
  1303. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  1304. Value Name: [ ProviderId ], Value: [ 0xee37263b80e5cf11a55500c04fd8d4ac ], 1 time
  1305. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  1306. Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
  1307. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  1308. Value Name: [ SupportedNameSpace ], Value: [ 32 ], 1 time
  1309. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  1310. Value Name: [ Version ], Value: [ 0 ], 1 time
  1311. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  1312. Value Name: [ DisplayString ], Value: [ Network Location Awareness (NLA) Namespace ], 4 times
  1313. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  1314. Value Name: [ Enabled ], Value: [ 1 ], 1 time
  1315. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  1316. Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\mswsock.dll ], 2 times
  1317. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  1318. Value Name: [ ProviderId ], Value: [ 0x3a244266a83ba64abaa52e0bd71fdd83 ], 1 time
  1319. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  1320. Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
  1321. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  1322. Value Name: [ SupportedNameSpace ], Value: [ 15 ], 1 time
  1323. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  1324. Value Name: [ Version ], Value: [ 0 ], 1 time
  1325. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
  1326. Value Name: [ Next_Catalog_Entry_ID ], Value: [ 1020 ], 1 time
  1327. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
  1328. Value Name: [ Num_Catalog_Entries ], Value: [ 13 ], 1 time
  1329. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
  1330. Value Name: [ Serial_Access_Num ], Value: [ 6 ], 2 times
  1331. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 ],
  1332. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  1333. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 ],
  1334. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  1335. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 ],
  1336. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  1337. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 ],
  1338. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\rsvpsp.d ], 1 time
  1339. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 ],
  1340. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\rsvpsp.d ], 1 time
  1341. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 ],
  1342. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  1343. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 ],
  1344. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  1345. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 ],
  1346. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  1347. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 ],
  1348. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  1349. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 ],
  1350. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  1351. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 ],
  1352. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  1353. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 ],
  1354. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  1355. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 ],
  1356. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  1357. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
  1358. Value Name: [ Language Hotkey ], Value: [ 1 ], 2 times
  1359. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
  1360. Value Name: [ Layout Hotkey ], Value: [ 2 ], 2 times
  1361. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Multimedia\Audio ],
  1362. Value Name: [ SystemFormats ], Value: [ CD Quality,Radio Quality,Telephone Quality ], 1 time
  1363. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ],
  1364. Value Name: [ Local Settings ], Value: [ %USERPROFILE%\Local Settings ], 1 time
  1365. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ],
  1366. Value Name: [ Personal ], Value: [ %USERPROFILE%\My Documents ], 1 time
  1367.  
  1368. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1369. Monitored Registry Keys:
  1370. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1371. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
  1372. Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
  1373. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
  1374. Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
  1375.  
  1376.  
  1377. [=============================================================================]
  1378. 4.b) regsvr32.exe - File Activities
  1379. [=============================================================================]
  1380. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1381. Files Read:
  1382. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1383. File Name: [ C:\Program Files\Common Files\d1.tmp.dll ]
  1384.  
  1385. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1386. File System Control Communication:
  1387. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1388. File: [ C:\Program Files\Common Files\ ], Control Code: [ 0x00090028 ], 1 time
  1389.  
  1390. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1391. Device Control Communication:
  1392. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1393. File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 8 times
  1394.  
  1395. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1396. Memory Mapped Files:
  1397. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1398. File Name: [ C:\Program Files\Common Files\d1.tmp.dll ]
  1399. File Name: [ C:\WINDOWS\AppPatch\AcGenral.DLL ]
  1400. File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ]
  1401. File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
  1402. File Name: [ C:\WINDOWS\system32\MSACM32.dll ]
  1403. File Name: [ C:\WINDOWS\system32\MSCTF.dll ]
  1404. File Name: [ C:\WINDOWS\system32\PSAPI.DLL ]
  1405. File Name: [ C:\WINDOWS\system32\SHELL32.dll ]
  1406. File Name: [ C:\WINDOWS\system32\ShimEng.dll ]
  1407. File Name: [ C:\WINDOWS\system32\UxTheme.dll ]
  1408. File Name: [ C:\WINDOWS\system32\WININET.dll ]
  1409. File Name: [ C:\WINDOWS\system32\WINMM.dll ]
  1410. File Name: [ C:\WINDOWS\system32\WS2HELP.dll ]
  1411. File Name: [ C:\WINDOWS\system32\WS2_32.dll ]
  1412. File Name: [ C:\WINDOWS\system32\comctl32.dll ]
  1413. File Name: [ C:\WINDOWS\system32\imm32.dll ]
  1414. File Name: [ C:\WINDOWS\system32\rpcss.dll ]
  1415. File Name: [ C:\WINDOWS\system32\urlmon.dll ]
  1416. File Name: [ C:\Windows\AppPatch\sysmain.sdb ]
  1417.  
  1418.  
  1419. [#############################################################################]
  1420. 5. regsvr32.exe
  1421. [#############################################################################]
  1422. [=============================================================================]
  1423. General information about this executable
  1424. [=============================================================================]
  1425. Analysis Reason: Started by dll_analysis.exe
  1426. Filename: regsvr32.exe
  1427. Command Line: regsvr32.exe /c /s .\d1.tmp.dll
  1428. Process-status at analysis end: dead
  1430. Exit Code: 0
  1431.  
  1432. [=============================================================================]
  1433. Load-time Dlls
  1434. [=============================================================================]
  1435. Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
  1436. Base Address: [0x7C900000 ], Size: [0x000AF000 ]
  1437. Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
  1438. Base Address: [0x7C800000 ], Size: [0x000F6000 ]
  1439. Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
  1440. Base Address: [0x77C10000 ], Size: [0x00058000 ]
  1441. Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
  1442. Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
  1443. Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
  1444. Base Address: [0x77E70000 ], Size: [0x00092000 ]
  1445. Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
  1446. Base Address: [0x77FE0000 ], Size: [0x00011000 ]
  1447. Module Name: [ C:\WINDOWS\system32\USER32.dll ],
  1448. Base Address: [0x7E410000 ], Size: [0x00091000 ]
  1449. Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
  1450. Base Address: [0x77F10000 ], Size: [0x00049000 ]
  1451. Module Name: [ C:\WINDOWS\system32\ole32.dll ],
  1452. Base Address: [0x774E0000 ], Size: [0x0013D000 ]
  1453. Module Name: [ C:\WINDOWS\system32\ShimEng.dll ],
  1454. Base Address: [0x5CB70000 ], Size: [0x00026000 ]
  1455. Module Name: [ C:\WINDOWS\AppPatch\AcGenral.DLL ],
  1456. Base Address: [0x6F880000 ], Size: [0x001CA000 ]
  1457. Module Name: [ C:\WINDOWS\system32\WINMM.dll ],
  1458. Base Address: [0x76B40000 ], Size: [0x0002D000 ]
  1459. Module Name: [ C:\WINDOWS\system32\OLEAUT32.dll ],
  1460. Base Address: [0x77120000 ], Size: [0x0008B000 ]
  1461. Module Name: [ C:\WINDOWS\system32\MSACM32.dll ],
  1462. Base Address: [0x77BE0000 ], Size: [0x00015000 ]
  1463. Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
  1464. Base Address: [0x77C00000 ], Size: [0x00008000 ]
  1465. Module Name: [ C:\WINDOWS\system32\SHELL32.dll ],
  1466. Base Address: [0x7C9C0000 ], Size: [0x00817000 ]
  1467. Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
  1468. Base Address: [0x77F60000 ], Size: [0x00076000 ]
  1469. Module Name: [ C:\WINDOWS\system32\USERENV.dll ],
  1470. Base Address: [0x769C0000 ], Size: [0x000B4000 ]
  1471. Module Name: [ C:\WINDOWS\system32\UxTheme.dll ],
  1472. Base Address: [0x5AD70000 ], Size: [0x00038000 ]
  1473. Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ],
  1474. Base Address: [0x773D0000 ], Size: [0x00103000 ]
  1475. Module Name: [ C:\WINDOWS\system32\comctl32.dll ],
  1476. Base Address: [0x5D090000 ], Size: [0x0009A000 ]
  1477.  
  1478. [=============================================================================]
  1479. Run-time Dlls
  1480. [=============================================================================]
  1481. Module Name: [ C:\Program Files\Common Files\d1.tmp.dll ],
  1482. Base Address: [0x10000000 ], Size: [0x00128000 ]
  1483. Module Name: [ C:\WINDOWS\system32\WS2HELP.dll ],
  1484. Base Address: [0x71AA0000 ], Size: [0x00008000 ]
  1485. Module Name: [ C:\WINDOWS\system32\WS2_32.dll ],
  1486. Base Address: [0x71AB0000 ], Size: [0x00017000 ]
  1487. Module Name: [ C:\WINDOWS\system32\MSCTF.dll ],
  1488. Base Address: [0x74720000 ], Size: [0x0004C000 ]
  1489. Module Name: [ C:\WINDOWS\system32\PSAPI.DLL ],
  1490. Base Address: [0x76BF0000 ], Size: [0x0000B000 ]
  1491. Module Name: [ C:\WINDOWS\system32\WININET.dll ],
  1492. Base Address: [0x771B0000 ], Size: [0x000AA000 ]
  1493. Module Name: [ C:\WINDOWS\system32\CRYPT32.dll ],
  1494. Base Address: [0x77A80000 ], Size: [0x00095000 ]
  1495. Module Name: [ C:\WINDOWS\system32\MSASN1.dll ],
  1496. Base Address: [0x77B20000 ], Size: [0x00012000 ]
  1497. Module Name: [ C:\WINDOWS\system32\urlmon.dll ],
  1498. Base Address: [0x7E1E0000 ], Size: [0x000A2000 ]
  1499.  
  1500. [=============================================================================]
  1501. 5.a) regsvr32.exe - Registry Activities
  1502. [=============================================================================]
  1503. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1504. Registry Keys Created:
  1505. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1506. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  1507. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\ProgID ]
  1508. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\VersionIndependentProgID ]
  1509. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\Programmable ]
  1510. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\InprocServer32 ]
  1511. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\Control ]
  1512. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\MiscStatus ]
  1513. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\MiscStatus\1 ]
  1514. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\TypeLib ]
  1515. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\Version ]
  1516. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  1517. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  1518. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\iexplore ]
  1519. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\iexplore\AllowedDomains ]
  1520. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\iexplore\AllowedDomains\* ]
  1521. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\MozillaPlugins\www.bridgepub.com/m8detector ]
  1522.  
  1523. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1524. Registry Keys Deleted:
  1525. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1526. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\Control ]
  1527. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\InprocServer32 ]
  1528. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\MiscStatus\1 ]
  1529. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\MiscStatus ]
  1530. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\ProgID ]
  1531. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\Programmable ]
  1532. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\TypeLib ]
  1533. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\Version ]
  1534. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\VersionIndependentProgID ]
  1535. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  1536. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  1537. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\iexplore\AllowedDomains\* ]
  1538. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\iexplore\AllowedDomains ]
  1539. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\iexplore ]
  1540. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  1541. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\MozillaPlugins\www.bridgepub.com/m8detector ]
  1542.  
  1543. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1544. Registry Values Modified:
  1545. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1546. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\AppID\npm8detector.dll ],
  1547. Value Name: [ AppID ], New Value: [ {B415CD14-B45D-4BCA-B552-B06175C38606} ]
  1548. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\AppID\{B415CD14-B45D-4BCA-B552-B06175C38606} ],
  1549. Value Name: [ ], New Value: [ FireBreathWin ]
  1550. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\BPI.m8detector ],
  1551. Value Name: [ ], New Value: [ Detects if device software is installed. ]
  1552. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\BPI.m8detector.1 ],
  1553. Value Name: [ ], New Value: [ Detects if device software is installed. ]
  1554. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\BPI.m8detector.1\CLSID ],
  1555. Value Name: [ ], New Value: [ {a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  1556. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\BPI.m8detector\CLSID ],
  1557. Value Name: [ ], New Value: [ {a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  1558. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\BPI.m8detector\CurVer ],
  1559. Value Name: [ ], New Value: [ BPI.m8detector.1 ]
  1560. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0} ],
  1561. Value Name: [ ], New Value: [ Detects if device software is installed. ]
  1562. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0} ],
  1563. Value Name: [ AppID ], New Value: [ {B415CD14-B45D-4BCA-B552-B06175C38606} ]
  1564. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\InprocServer32 ],
  1565. Value Name: [ ], New Value: [ C:\Program Files\Common Files\d1.tmp.dll ]
  1566. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\InprocServer32 ],
  1567. Value Name: [ ThreadingModel ], New Value: [ Apartment ]
  1568. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\MiscStatus ],
  1569. Value Name: [ ], New Value: [ 0 ]
  1570. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\MiscStatus\1 ],
  1571. Value Name: [ ], New Value: [ 131473 ]
  1572. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\ProgID ],
  1573. Value Name: [ ], New Value: [ BPI.m8detector.1 ]
  1574. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\TypeLib ],
  1575. Value Name: [ ], New Value: [ {1831BF10-DC9B-5DDA-B757-D0AC46194971} ]
  1576. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\Version ],
  1577. Value Name: [ ], New Value: [ 1 ]
  1578. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\CLSID\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\VersionIndependentProgID ],
  1579. Value Name: [ ], New Value: [ BPI.m8detector ]
  1580. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\MIME\Database\Content Type\application/x-m8detector ],
  1581. Value Name: [ ], New Value: [ Detects if device software is installed. ]
  1582. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\MIME\Database\Content Type\application/x-m8detector ],
  1583. Value Name: [ CLSID ], New Value: [ {a990fb20-7eaa-5911-8c2a-60a316825eb0} ]
  1584. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Classes\MIME\Database\Content Type\application/x-m8detector ],
  1585. Value Name: [ Extension ], New Value: [ ]
  1586. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a990fb20-7eaa-5911-8c2a-60a316825eb0}\iexplore ],
  1587. Value Name: [ Count ], New Value: [ 0 ]
  1588. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\MozillaPlugins\www.bridgepub.com/m8detector ],
  1589. Value Name: [ Path ], New Value: [ C:\Program Files\Common Files\d1.tmp.dll ]
  1590.  
  1591. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1592. Registry Values Read:
  1593. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1594. Key: [ HKLM\SOFTWARE\CLASSES\.DLL ],
  1595. Value Name: [ ], Value: [ dllfile ], 1 time
  1596. Key: [ HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ ],
  1597. Value Name: [ CUAS ], Value: [ 0 ], 1 time
  1598. Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ],
  1599. Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time
  1600. Key: [ HKLM\SYSTEM\Setup ],
  1601. Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time
  1602. Key: [ HKLM\SYSTEM\WPA\MediaCenter ],
  1603. Value Name: [ Installed ], Value: [ 0 ], 1 time
  1604. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ],
  1605. Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000000204000014000000 ], 1 time
  1606. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ],
  1607. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  1608. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ],
  1609. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  1610. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ],
  1611. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  1612. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ],
  1613. Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000001100000014000000 ], 1 time
  1614. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ],
  1615. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  1616. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ],
  1617. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  1618. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ],
  1619. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  1620. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ],
  1621. Value Name: [ aFormatTagCache ], Value: [ 0x0100000010000000550000001e000000 ], 1 time
  1622. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ],
  1623. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  1624. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ],
  1625. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  1626. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ],
  1627. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  1628. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ],
  1629. Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000000200000032000000 ], 1 time
  1630. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ],
  1631. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  1632. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ],
  1633. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  1634. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ],
  1635. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  1636. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ],
  1637. Value Name: [ aFormatTagCache ], Value: [ 0x01000000120000006001000016000000610100001c000000 ], 1 time
  1638. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ],
  1639. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  1640. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ],
  1641. Value Name: [ cFormatTags ], Value: [ 3 ], 1 time
  1642. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ],
  1643. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  1644. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ],
  1645. Value Name: [ aFormatTagCache ], Value: [ 0x010000001000000006000000120000000700000012000000 ], 1 time
  1646. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ],
  1647. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  1648. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ],
  1649. Value Name: [ cFormatTags ], Value: [ 3 ], 1 time
  1650. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ],
  1651. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  1652. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ],
  1653. Value Name: [ aFormatTagCache ], Value: [ 0x0100000010000000420000001c000000 ], 1 time
  1654. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ],
  1655. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  1656. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ],
  1657. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  1658. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ],
  1659. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  1660. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ],
  1661. Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000003100000014000000 ], 1 time
  1662. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ],
  1663. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  1664. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ],
  1665. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  1666. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ],
  1667. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  1668. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ],
  1669. Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000003001000016000000 ], 1 time
  1670. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ],
  1671. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  1672. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ],
  1673. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  1674. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ],
  1675. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  1676. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ],
  1677. Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000002200000032000000 ], 1 time
  1678. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ],
  1679. Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
  1680. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ],
  1681. Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
  1682. Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ],
  1683. Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
  1684. Key: [ HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS ],
  1685. Value Name: [ * ], Value: [ 1 ], 1 time
  1686. Key: [ HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL ],
  1687. Value Name: [ * ], Value: [ 1 ], 1 time
  1688. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1689. Value Name: [ midimapper ], Value: [ ], 2 times
  1690. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1691. Value Name: [ msacm.iac2 ], Value: [ ], 2 times
  1692. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1693. Value Name: [ msacm.imaadpcm ], Value: [ ], 3 times
  1694. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1695. Value Name: [ msacm.l3acm ], Value: [ ], 2 times
  1696. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1697. Value Name: [ msacm.msadpcm ], Value: [ ], 3 times
  1698. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1699. Value Name: [ msacm.msaudio1 ], Value: [ ], 3 times
  1700. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1701. Value Name: [ msacm.msg711 ], Value: [ msg711.acm ], 3 times
  1702. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1703. Value Name: [ msacm.msg723 ], Value: [ ], 3 times
  1704. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1705. Value Name: [ msacm.msgsm610 ], Value: [ ], 3 times
  1706. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1707. Value Name: [ msacm.sl_anet ], Value: [ sl_anet.acm ], 2 times
  1708. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1709. Value Name: [ msacm.trspch ], Value: [ ], 3 times
  1710. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1711. Value Name: [ vidc.I420 ], Value: [ ], 2 times
  1712. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1713. Value Name: [ vidc.M261 ], Value: [ ], 2 times
  1714. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1715. Value Name: [ vidc.M263 ], Value: [ ], 2 times
  1716. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1717. Value Name: [ vidc.cvid ], Value: [ ], 2 times
  1718. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1719. Value Name: [ vidc.iv31 ], Value: [ ], 2 times
  1720. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1721. Value Name: [ vidc.iv32 ], Value: [ ], 2 times
  1722. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1723. Value Name: [ vidc.iv41 ], Value: [ ], 2 times
  1724. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1725. Value Name: [ vidc.iv50 ], Value: [ ], 1 time
  1726. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1727. Value Name: [ vidc.iyuv ], Value: [ ], 2 times
  1728. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1729. Value Name: [ vidc.mrle ], Value: [ ], 2 times
  1730. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1731. Value Name: [ vidc.msvc ], Value: [ ], 2 times
  1732. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1733. Value Name: [ vidc.uyvy ], Value: [ ], 2 times
  1734. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1735. Value Name: [ vidc.yuy2 ], Value: [ ], 2 times
  1736. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1737. Value Name: [ vidc.yvu9 ], Value: [ ], 2 times
  1738. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1739. Value Name: [ vidc.yvyu ], Value: [ ], 2 times
  1740. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ],
  1741. Value Name: [ wavemapper ], Value: [ ], 2 times
  1742. Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows ],
  1743. Value Name: [ AppInit_DLLs ], Value: [ ], 1 time
  1744. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
  1745. Value Name: [ TransparentEnabled ], Value: [ 1 ], 1 time
  1746. Key: [ HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm ],
  1747. Value Name: [ wheel ], Value: [ 1 ], 1 time
  1748. Key: [ HKLM\System\CurrentControlSet\Control\ProductOptions ],
  1749. Value Name: [ ProductType ], Value: [ WinNT ], 1 time
  1750. Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ],
  1751. Value Name: [ TSAppCompat ], Value: [ 0 ], 1 time
  1752. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters ],
  1753. Value Name: [ WinSock_Registry_Version ], Value: [ 2.0 ], 2 times
  1754. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
  1755. Value Name: [ Num_Catalog_Entries ], Value: [ 3 ], 1 time
  1756. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
  1757. Value Name: [ Serial_Access_Num ], Value: [ 4 ], 2 times
  1758. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  1759. Value Name: [ DisplayString ], Value: [ Tcpip ], 4 times
  1760. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  1761. Value Name: [ Enabled ], Value: [ 1 ], 1 time
  1762. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  1763. Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\mswsock.dll ], 2 times
  1764. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  1765. Value Name: [ ProviderId ], Value: [ 0x409d05229e7ecf11ae5a00aa00a7112b ], 1 time
  1766. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  1767. Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
  1768. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  1769. Value Name: [ SupportedNameSpace ], Value: [ 12 ], 1 time
  1770. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  1771. Value Name: [ Version ], Value: [ 0 ], 1 time
  1772. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  1773. Value Name: [ DisplayString ], Value: [ NTDS ], 4 times
  1774. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  1775. Value Name: [ Enabled ], Value: [ 1 ], 1 time
  1776. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  1777. Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\winrnr.dll ], 2 times
  1778. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  1779. Value Name: [ ProviderId ], Value: [ 0xee37263b80e5cf11a55500c04fd8d4ac ], 1 time
  1780. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  1781. Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
  1782. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  1783. Value Name: [ SupportedNameSpace ], Value: [ 32 ], 1 time
  1784. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  1785. Value Name: [ Version ], Value: [ 0 ], 1 time
  1786. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  1787. Value Name: [ DisplayString ], Value: [ Network Location Awareness (NLA) Namespace ], 4 times
  1788. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  1789. Value Name: [ Enabled ], Value: [ 1 ], 1 time
  1790. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  1791. Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\mswsock.dll ], 2 times
  1792. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  1793. Value Name: [ ProviderId ], Value: [ 0x3a244266a83ba64abaa52e0bd71fdd83 ], 1 time
  1794. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  1795. Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
  1796. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  1797. Value Name: [ SupportedNameSpace ], Value: [ 15 ], 1 time
  1798. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  1799. Value Name: [ Version ], Value: [ 0 ], 1 time
  1800. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
  1801. Value Name: [ Next_Catalog_Entry_ID ], Value: [ 1020 ], 1 time
  1802. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
  1803. Value Name: [ Num_Catalog_Entries ], Value: [ 13 ], 1 time
  1804. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
  1805. Value Name: [ Serial_Access_Num ], Value: [ 6 ], 2 times
  1806. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 ],
  1807. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  1808. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 ],
  1809. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  1810. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 ],
  1811. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  1812. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 ],
  1813. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\rsvpsp.d ], 1 time
  1814. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 ],
  1815. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\rsvpsp.d ], 1 time
  1816. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 ],
  1817. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  1818. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 ],
  1819. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  1820. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 ],
  1821. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  1822. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 ],
  1823. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  1824. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 ],
  1825. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  1826. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 ],
  1827. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  1828. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 ],
  1829. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  1830. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 ],
  1831. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  1832. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
  1833. Value Name: [ Language Hotkey ], Value: [ 1 ], 2 times
  1834. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
  1835. Value Name: [ Layout Hotkey ], Value: [ 2 ], 2 times
  1836. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Multimedia\Audio ],
  1837. Value Name: [ SystemFormats ], Value: [ CD Quality,Radio Quality,Telephone Quality ], 1 time
  1838. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ],
  1839. Value Name: [ Local Settings ], Value: [ %USERPROFILE%\Local Settings ], 1 time
  1840. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ],
  1841. Value Name: [ Personal ], Value: [ %USERPROFILE%\My Documents ], 1 time
  1842. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{44B4F3E0-AE22-56F3-8EA7-4B7F223018B7} ],
  1843. Value Name: [ ], Value: [ IFBControl ], 1 time
  1844. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{44B4F3E0-AE22-56F3-8EA7-4B7F223018B7}\ProxyStubClsid ],
  1845. Value Name: [ ], Value: [ {00020424-0000-0000-C000-000000000046} ], 1 time
  1846. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{44B4F3E0-AE22-56F3-8EA7-4B7F223018B7}\ProxyStubClsid32 ],
  1847. Value Name: [ ], Value: [ {00020424-0000-0000-C000-000000000046} ], 1 time
  1848. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{44B4F3E0-AE22-56F3-8EA7-4B7F223018B7}\TypeLib ],
  1849. Value Name: [ ], Value: [ {1831BF10-DC9B-5DDA-B757-D0AC46194971} ], 1 time
  1850. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{44B4F3E0-AE22-56F3-8EA7-4B7F223018B7}\TypeLib ],
  1851. Value Name: [ Version ], Value: [ 1.0 ], 1 time
  1852. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9377FF11-559F-5C42-86C3-6EC4B5F32CA2} ],
  1853. Value Name: [ ], Value: [ IFBComEventSource ], 1 time
  1854. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9377FF11-559F-5C42-86C3-6EC4B5F32CA2}\ProxyStubClsid ],
  1855. Value Name: [ ], Value: [ {00020420-0000-0000-C000-000000000046} ], 1 time
  1856. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9377FF11-559F-5C42-86C3-6EC4B5F32CA2}\ProxyStubClsid32 ],
  1857. Value Name: [ ], Value: [ {00020420-0000-0000-C000-000000000046} ], 1 time
  1858. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9377FF11-559F-5C42-86C3-6EC4B5F32CA2}\TypeLib ],
  1859. Value Name: [ ], Value: [ {1831BF10-DC9B-5DDA-B757-D0AC46194971} ], 1 time
  1860. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9377FF11-559F-5C42-86C3-6EC4B5F32CA2}\TypeLib ],
  1861. Value Name: [ Version ], Value: [ 1.0 ], 1 time
  1862. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9793AC59-30B6-5599-BC51-1C45405B98A2} ],
  1863. Value Name: [ ], Value: [ IFBComJavascriptObject ], 1 time
  1864. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9793AC59-30B6-5599-BC51-1C45405B98A2}\ProxyStubClsid ],
  1865. Value Name: [ ], Value: [ {00020424-0000-0000-C000-000000000046} ], 1 time
  1866. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9793AC59-30B6-5599-BC51-1C45405B98A2}\ProxyStubClsid32 ],
  1867. Value Name: [ ], Value: [ {00020424-0000-0000-C000-000000000046} ], 1 time
  1868. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9793AC59-30B6-5599-BC51-1C45405B98A2}\TypeLib ],
  1869. Value Name: [ ], Value: [ {1831BF10-DC9B-5DDA-B757-D0AC46194971} ], 1 time
  1870. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\Interface\{9793AC59-30B6-5599-BC51-1C45405B98A2}\TypeLib ],
  1871. Value Name: [ Version ], Value: [ 1.0 ], 1 time
  1872. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\TypeLib\{1831BF10-DC9B-5DDA-B757-D0AC46194971}\1.0 ],
  1873. Value Name: [ ], Value: [ m8detector 1.0 Type Library ], 1 time
  1874. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\TypeLib\{1831BF10-DC9B-5DDA-B757-D0AC46194971}\1.0\0\win32 ],
  1875. Value Name: [ ], Value: [ C:\Program Files\Common Files\d1.tmp.dll ], 1 time
  1876. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\classes\TypeLib\{1831BF10-DC9B-5DDA-B757-D0AC46194971}\1.0\FLAGS ],
  1877. Value Name: [ ], Value: [ 0 ], 1 time
  1878.  
  1879. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1880. Monitored Registry Keys:
  1881. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1882. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
  1883. Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
  1884. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
  1885. Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
  1886.  
  1887.  
  1888. [=============================================================================]
  1889. 5.b) regsvr32.exe - File Activities
  1890. [=============================================================================]
  1891. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1892. Files Read:
  1893. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1894. File Name: [ C:\Program Files\Common Files\d1.tmp.dll ]
  1895.  
  1896. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1897. File System Control Communication:
  1898. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1899. File: [ C:\Program Files\Common Files\ ], Control Code: [ 0x00090028 ], 1 time
  1900.  
  1901. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1902. Device Control Communication:
  1903. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1904. File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 8 times
  1905.  
  1906. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1907. Memory Mapped Files:
  1908. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  1909. File Name: [ C:\Program Files\Common Files\d1.tmp.dll ]
  1910. File Name: [ C:\WINDOWS\AppPatch\AcGenral.DLL ]
  1911. File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ]
  1912. File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
  1913. File Name: [ C:\WINDOWS\system32\MSACM32.dll ]
  1914. File Name: [ C:\WINDOWS\system32\MSCTF.dll ]
  1915. File Name: [ C:\WINDOWS\system32\PSAPI.DLL ]
  1916. File Name: [ C:\WINDOWS\system32\SHELL32.dll ]
  1917. File Name: [ C:\WINDOWS\system32\ShimEng.dll ]
  1918. File Name: [ C:\WINDOWS\system32\UxTheme.dll ]
  1919. File Name: [ C:\WINDOWS\system32\WININET.dll ]
  1920. File Name: [ C:\WINDOWS\system32\WINMM.dll ]
  1921. File Name: [ C:\WINDOWS\system32\WS2HELP.dll ]
  1922. File Name: [ C:\WINDOWS\system32\WS2_32.dll ]
  1923. File Name: [ C:\WINDOWS\system32\comctl32.dll ]
  1924. File Name: [ C:\WINDOWS\system32\imm32.dll ]
  1925. File Name: [ C:\WINDOWS\system32\rpcss.dll ]
  1926. File Name: [ C:\WINDOWS\system32\urlmon.dll ]
  1927. File Name: [ C:\Windows\AppPatch\sysmain.sdb ]
  1928.  
  1929.  
  1930.  
  1931. [#############################################################################]
  1932. International Secure Systems Lab
  1933. http://www.iseclab.org
  1934.  
  1935. Vienna University of Technology Eurecom France UC Santa Barbara
  1936. http://www.tuwien.ac.at http://www.eurecom.fr http://www.cs.ucsb.edu
  1937.  
  1938. Contact: anubis@iseclab.org