mzpefinder_pcap_file.YR, GenericEmailWorm.YR, PUPSpigot.YR (Lavasoft MAS)Behaviour: Worm, EmailWorm, PUP
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: b5f20e3c5e7371945f84b59bb3731fd7
SHA1: 82cfccd1c86c960f37d6232ebe573d946b1e33d1
SHA256: beb529d69225ad02ace8094e559df7a574098e9c2cf0e1a08d4c21e59f71fb65
SSDeep: 24576:dZQMkQ5hw6oqQ5UO9revCwM6ZYbXDMSMHFZ9nD6l f0D7CuHw:gy7ToUG2Cf6qbXDNMlznD6l1fCuHw
Size: 937560 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, UPolyXv05_v6
Company: NCH Software
Created at: 2013-12-10 07:05:55
Analyzed on: Windows7Ada SP1 64-bit
Summary: PUP. Potentially Unwanted Program. An application that does not display malicious behavior yet is installed without having first sought affirmative user consent for installation. Users may not realize, due to the nature of the installation procedure, that an application they have not explicitly agreed to has been installed. This category can also be used to classify other applications which in a certain context can be wanted e.g. remote administration tools or IRC clients.
Dynamic Analysis
Payload
| Behaviour | Description |
|---|---|
| EmailWorm | Worm can send e-mails. |
Process activity
The PUP creates the following process(es):
TPAutoConnSvc.exe:1776
GoogleUpdate.exe:1160
GoogleUpdate.exe:3620
GoogleUpdate.exe:3708
GoogleUpdate.exe:2608
GoogleUpdate.exe:1440
GoogleUpdaterService.exe:3320
GoogleUpdaterService.exe:1448
googletoolbarinstaller_en_signed.exe:2364
GoogleUpdaterService_B33FC4DD36A473C6.exe:2448
scribe.exe:476
scribe.exe:2252
scribe.exe:2676
%original file name%.exe:1960
GoogleUpdateSetup_latest.exe:1664
nchsetup.exe:3836
GoogleToolbarManager_8CA8B41417E66DEB.exe:3948
GoogleToolbarManager_8CA8B41417E66DEB.exe:3128
GoogleToolbarManager_8CA8B41417E66DEB.exe:1808
GoogleToolbarNotifier.exe:1940
GoogleToolbarNotifier.exe:1752
regsvr32.exe:3096
NCH_GoogleToolbar.exe:1532
SearchWithGoogleUpdate_C993F490EED40C1B.exe:2360
The PUP injects its code into the following process(es):No processes have been created.
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process GoogleUpdate.exe:3620 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files% (x86)\Google\Update\Install\{9ED6278D-3499-43D2-BA30-93D0A1DF8374}\googletoolbarinstaller_en_signed.exe (38734 bytes)
C:\Windows\Temp\guiACB2.tmp (15 bytes)
%Program Files% (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\0.0.0.0\googletoolbarinstaller_en_signed.exe (38249 bytes)
The process GoogleUpdate.exe:3708 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files% (x86)\GUM8F82.tmp\goopdate.dll (835 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_en.dll (28 bytes)
The process googletoolbarinstaller_en_signed.exe:2364 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_32_52E818EF81C83A9B.exe (620 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbar.7.5.5111.1712.manifest.xml (36 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_0A4439FF67F61065.dll (2 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C993F490EED40C1B.exe (50 bytes)
C:\Windows\System32\config\SOFTWARE (59603 bytes)
C:\ (96 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_64_F8ED9B719A89F8EF.dll (489 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_8E471B27054D20F5.dll (149 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbar_32_365102BD7F6C8091.dll (390 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_64_4D9709C1FA1422BA.exe (801 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleCld_187F9D811452062B.dll (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleToolbarInstaller2.log (43972 bytes)
C:\$Directory (672 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe (50 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbar_64_54BD4059920ABC8A.dll (514 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleUpdateSetup_5CC4B0F53D73AD88.exe (1480 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleUpdaterService_B33FC4DD36A473C6.exe (390 bytes)
C:\Windows\System32\config\SOFTWARE.LOG1 (54812 bytes)
The process GoogleUpdaterService_B33FC4DD36A473C6.exe:2448 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files% (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (390 bytes)
The process scribe.exe:2252 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files% (x86)\NCH Software\Components\NCHToolbars\google\NCH_GoogleToolbar.exe (382879 bytes)
The process scribe.exe:2676 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_scribe_rl_adm (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\NCH Software\Scribe\Status\s0000000.sta (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\NCH Software\Scribe\Current\Welcome.wav (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\NCH Software\Scribe\Current\Welcome.dat (832 bytes)
The process %original file name%.exe:1960 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchdata.dat (7384 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchsetup.cab (647 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchdata.cab (270 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchsetup.exe (29704 bytes)
The process GoogleUpdateSetup_latest.exe:1664 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files% (x86)\GUM8F82.tmp\goopdateres_mr.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_lv.dll (30 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_fi.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\npGoogleUpdate3.dll (838 bytes)
%Program Files% (x86)\GUM8F82.tmp\GoogleUpdateHelper.msi (25 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_sw.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\GoogleCrashHandler64.exe (550 bytes)
%Program Files% (x86)\GUM8F82.tmp\GoogleUpdateBroker.exe (59 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_nl.dll (30 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_ta.dll (30 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_tr.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_te.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_ml.dll (31 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_ms.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdate.dll (1702 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_pl.dll (30 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_es.dll (31 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_bn.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_ur.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_iw.dll (26 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_gu.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_sl.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\psuser.dll (159 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_en.dll (27 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_el.dll (30 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_fil.dll (30 bytes)
%Program Files% (x86)\GUM8F82.tmp\GoogleUpdate.exe (234 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_ja.dll (24 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_et.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_es-419.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_pt-BR.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_sk.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_da.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_fr.dll (30 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_de.dll (31 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_kn.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_uk.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\psmachine.dll (159 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_no.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_th.dll (27 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_bg.dll (30 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_pt-PT.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_vi.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_sv.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_lt.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_zh-CN.dll (21 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_ko.dll (23 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_hu.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_zh-TW.dll (21 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_ar.dll (26 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_it.dll (30 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_is.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_ro.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_en-GB.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_hi.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_hr.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_fa.dll (27 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_id.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\GoogleCrashHandler.exe (212 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_am.dll (25 bytes)
%Program Files% (x86)\GUM8F82.tmp\GoogleUpdateOnDemand.exe (59 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_sr.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\GoogleUpdateSetup.exe (5441 bytes)
%Program Files% (x86)\GUT8F83.tmp (4 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_cs.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_ca.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_ru.dll (28 bytes)
The process nchsetup.exe:3836 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Video Capture Software.lnk (1 bytes)
C:\ProgramData\NCH Software\Scribe\Current\Welcome.wav (34532 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Burn CD, DVD or Blu-Ray.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\Favorites\NCH Software Download Site.lnk (310 bytes)
%Program Files% (x86)\NCH Software\Scribe\hookappcommand.dll (6988 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Zip File Compression.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\MixPad MultiTrack Mixer.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\WavePad Sound Editor.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Rip CD Ripper.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Scribe\scribe.exe (13171 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe Transcription Software.lnk (1 bytes)
C:\Users\Public\Desktop\Express Scribe Transcription Software.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Dictate Recorder.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dictation and Transcription Programs\Typing Expander Software.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Switch Sound File Converter.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Graphics File Converter.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\VideoPad Video Editor.lnk (1 bytes)
C:\ProgramData\NCH Software\Scribe\Current\Welcome.dat (96 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Invoicing Software.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Classic FTP Software.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Prism Video File Format Converter.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\RecordPad Sound Recorder.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Doxillion Document Converter.lnk (1 bytes)
C:\Users\Public\Desktop\NCH Suite.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Accounting Software.lnk (1 bytes)
C:\ProgramData\NCH Software\Scribe\Status\Template.doc (8844 bytes)
%Program Files% (x86)\NCH Software\Scribe\scribesetup_v5.69.exe (7345 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\SoundTap Streaming Recorder.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dictation and Transcription Programs\Dictation Recorder.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dictation and Transcription Programs\Transcription Software.lnk (1 bytes)
The process GoogleToolbarManager_8CA8B41417E66DEB.exe:3948 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleToolbarInstaller1.log (2418 bytes)
The process GoogleToolbarManager_8CA8B41417E66DEB.exe:3128 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (1281 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (673 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleToolbarInstaller1.log (41641 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarHelper_signed.msi (28 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarUser_64.exe (2321 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarHelperPatch_signed.msp (125 bytes)
The process GoogleToolbarManager_8CA8B41417E66DEB.exe:1808 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
C:\ProgramData\Google\Custom Buttons\toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleToolbarInstaller1.log (3179 bytes)
The process GoogleToolbarNotifier.exe:1940 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (1 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll (151 bytes)
The process regsvr32.exe:3096 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (348 bytes)
The process NCH_GoogleToolbar.exe:1532 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nse8F35.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleUpdateSetup_latest.exe (25250 bytes)
The process SearchWithGoogleUpdate_C993F490EED40C1B.exe:2360 makes changes in the file system.
The PUP creates and/or writes to the following file(s):
%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (346 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gth.dll (49 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (79 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\Readme.url (212 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll (150 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (1 bytes)
Registry activity
The process TPAutoConnSvc.exe:1776 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\ThinPrint\TPPrnUI\NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1]
"TrayData" = "2,Tray 3, 3,Tray 2, 1,Tray 1, 4,Manual Feed, 7,Auto Select"
"FormData" = "1,2159,2794,Letter¶40,40,2086,2712, 5,2159,3556,Legal¶40,40,2086,3474, 9,2100,2970,A4¶39,39,2032,2890, 7,1842,2667,Executive¶40,40,1761,2585, 258,2159,3302,8.5 x 13 (custom)¶40,40,2086,3220, 11,1480,2100,A5¶39,39,1408,2020, 70,1050,1480,A6¶39,39,975,1399, 13,1820,2570,B5 (JIS)¶39,39,1747,2490, 264,1950,2700,16K 195x270¶39,39,1882,2620, 263,1840,2600,16K 184x260¶39,39,1761,2520, 257,1970,2730,16K 197x273¶39,39,1896,2650, 43,1000,1480,Japanese Postcard¶39,39,921,1399, 82,1480,2000,Double Japan Postcard Rotated¶39,39,1408,1919, 20,1046,2413,Envelope #10¶40,40,975,2331, 37,983,1905,Envelope Monarch¶40,40,907,1823, 34,1760,2500,Envelope B5¶39,39,1693,2420, 28,1620,2290,Envelope C5¶39,39,1544,2209, 27,1100,2200,Envelope DL¶39,39,1029,2120"
"DelAfterCreate" = "1"
[HKU\.DEFAULT\Printers\DevModes2]
"NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1" = "4E 00 50 00 49 00 34 00 35 00 36 00 41 00 42 00"
The PUP deletes the following registry key(s):
[HKLM\SOFTWARE\ThinPrint\TPPrnUI\NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1]
The process GoogleUpdate.exe:1160 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Google\Update\proxy]
"source" = "IEWPAD"
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
"old-uid"
The process GoogleUpdate.exe:3620 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
"LanguageList" = "en-US, en"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"DayOfLastActivity" = "4294967295"
"pv" = "7.5.5111.1712"
"usagestats" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\CurrentState]
"InstallProgressPercent" = "4294967295"
"StateValue" = "3"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"DayOfLastRollCall" = "4294967295"
"LastCheckSuccess" = "1418883492"
[HKCU\Software\Google\Update\proxy]
"source" = "IEWPAD"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\CurrentState]
"DownloadTimeRemainingMs" = "4294967295"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"DayOfInstall" = "2907"
"InstallTime" = "1418883471"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\CurrentState]
"InstallTimeRemainingMs" = "4294967295"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"brand" = "NCHD"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\CurrentState]
"DownloadProgressPercent" = "0"
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerExtraCode1"
"LastInstallerSuccessLaunchCmdLine"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientStateMedium\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"eulaaccepted"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"UpdateAvailableCount"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientStateMedium\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"usagestats"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"ap"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerResult"
"old-uid"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"iid"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"LastInstallerResult"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerResultUIString"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"eulaaccepted"
"UpdateAvailableSince"
"LastInstallerError"
"LastInstallerResultUIString"
"experiment_labels"
"tttoken"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerError"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"browser"
"LastInstallerExtraCode1"
"LastInstallerSuccessLaunchCmdLine"
The process GoogleUpdate.exe:3708 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"usagestats" = "0"
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"UpdateAvailableSince"
"UpdateAvailableCount"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\network\secure]
"sk"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"eulaaccepted"
[HKCU\Software\Google\Update]
"old-uid"
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"old-uid"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\network\secure]
"c"
[HKCU\Software\Google\Update]
"uid"
The process GoogleUpdate.exe:2608 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Google\Update\proxy]
"source" = "IEWPAD"
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
"old-uid"
The process GoogleUpdate.exe:1440 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"usagestats" = "0"
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Update]
"uid"
"old-uid"
"eulaaccepted"
The process GoogleUpdaterService.exe:3320 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCR\Wow6432Node\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}]
"(Default)" = "ISilentUpdater"
[HKCR\TypeLib\{5924C60B-6D7F-4AD6-8084-24A59431C967}\1.0\HELPDIR]
"(Default)" = ""
[HKCR\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}]
"(Default)" = "IUpdaterScheduler"
[HKCR\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\TypeLib]
"(Default)" = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"
[HKCR\AppID\GoogleUpdaterService.exe]
"AppID" = "{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}"
[HKCR\Wow6432Node\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\TypeLib]
"(Default)" = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"
[HKCR\GUSchedulerCtl.UpdaterScheduler]
"(Default)" = "Google Updater Scheduler class"
[HKCR\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\TypeLib]
"Version" = "1.0"
[HKCR\Wow6432Node\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\TypeLib]
"(Default)" = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"
[HKCR\Wow6432Node\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\ProgID]
"(Default)" = "GUServiceCtl.SilentUpdater.1"
[HKCR\Wow6432Node\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}]
"AppID" = "{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}"
[HKCR\Wow6432Node\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\LocalServer32]
"(Default)" = "%Program Files% (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
[HKCR\Wow6432Node\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}]
"(Default)" = "Google Updater Scheduler class"
[HKCR\Wow6432Node\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\TypeLib]
"Version" = "1.0"
[HKCR\GUServiceCtl.SilentUpdater]
"(Default)" = "Google Silent Updater class"
[HKCR\GUServiceCtl.SilentUpdater\CLSID]
"(Default)" = "{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}"
[HKCR\Wow6432Node\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}]
"(Default)" = "Google Silent Updater class"
[HKCR\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\TypeLib]
"Version" = "1.0"
[HKCR\Wow6432Node\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\TypeLib]
"(Default)" = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"
[HKCR\GUSchedulerCtl.UpdaterScheduler.1\CLSID]
"(Default)" = "{B53B7061-6584-46AA-A033-D610EB10BD9B}"
[HKCR\GUServiceCtl.SilentUpdater\CurVer]
"(Default)" = "GUServiceCtl.SilentUpdater.1"
[HKCR\Wow6432Node\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\TypeLib]
"(Default)" = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"
[HKCR\AppID\{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}]
"LocalService" = "gusvc"
[HKCR\Wow6432Node\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\LocalServer32]
"(Default)" = "%Program Files% (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
[HKCR\Wow6432Node\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}]
"(Default)" = "IUpdaterScheduler"
[HKCR\AppID\{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}]
"(Default)" = "gusvc"
[HKCR\TypeLib\{5924C60B-6D7F-4AD6-8084-24A59431C967}\1.0]
"(Default)" = "Google Updater Service 1.0 Type Library"
[HKCR\GUServiceCtl.SilentUpdater.1\CLSID]
"(Default)" = "{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}"
[HKCR\Wow6432Node\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\VersionIndependentProgID]
"(Default)" = "GUSchedulerCtl.UpdaterScheduler"
[HKCR\Wow6432Node\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}]
"AppID" = "{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}"
[HKCR\GUServiceCtl.SilentUpdater.1]
"(Default)" = "Google Silent Updater class"
[HKCR\Wow6432Node\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\TypeLib\{5924C60B-6D7F-4AD6-8084-24A59431C967}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\Wow6432Node\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\TypeLib]
"Version" = "1.0"
[HKCR\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\TypeLib\{5924C60B-6D7F-4AD6-8084-24A59431C967}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
[HKCR\Wow6432Node\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\ProgID]
"(Default)" = "GUSchedulerCtl.UpdaterScheduler.1"
[HKCR\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\VersionIndependentProgID]
"(Default)" = "GUServiceCtl.SilentUpdater"
[HKCR\Interface\{C07A89E4-82A3-4A29-9908-DFC9DEBF8267}]
"(Default)" = "ISilentUpdater"
[HKCR\GUSchedulerCtl.UpdaterScheduler\CLSID]
"(Default)" = "{B53B7061-6584-46AA-A033-D610EB10BD9B}"
[HKCR\GUSchedulerCtl.UpdaterScheduler.1]
"(Default)" = "Google Updater Scheduler class"
[HKCR\GUSchedulerCtl.UpdaterScheduler\CurVer]
"(Default)" = "GUSchedulerCtl.UpdaterScheduler.1"
[HKCR\Wow6432Node\Interface\{5C8CE0B5-6DA0-49A1-B675-78FD03EA3224}\TypeLib]
"(Default)" = "{5924C60B-6D7F-4AD6-8084-24A59431C967}"
The PUP deletes the following value(s) in system registry:
[HKCR\AppID\{61E28BF8-C02B-499F-8E7A-34C1E4A1C649}]
"LocalService"
The process GoogleUpdaterService.exe:1448 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Common\Google Updater\apps\swg]
"auto" = "0"
The process googletoolbarinstaller_en_signed.exe:2364 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
"LanguageList" = "en-US, en"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Branding]
"sin" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component]
"NextVersion" = "7.5.5111.1712"
"currentVersion" = "7.5.5111.1712"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Branding]
"ein" = "1"
[HKCU\Software\Google\Google Toolbar\4.0\Setup]
"InstallProgress" = "3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 41 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "C0 12 95 66 8A 1A D0 01"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar]
"test" = "41"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"EnabledExperiments" = "POSI,PUMA"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"
[HKCU\Software\Google\Google Toolbar\4.0\Setup]
"Command" = "2"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"FirstInstallTime" = "1418883492"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The PUP deletes the following value(s) in system registry:
[HKCU\Software\Google\Google Toolbar]
"LastInstallError"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component]
"NextVersion"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"
"ProxyServer"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component]
"PrimaryInstallDone"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"FailedInstallPing"
The process GoogleUpdaterService_B33FC4DD36A473C6.exe:2448 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Common\Google Updater\apps\tbie]
"auto" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Common\Google Updater]
"Path" = "%Program Files% (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
"Version" = "2.4.2617.4952"
The process scribe.exe:476 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Scribe\Scheduler]
"SevenDays" = "1"
The process scribe.exe:2252 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCU\Software\NCH Software\Components\GoogleToolbar]
"State" = "attempted"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Components\GoogleToolbar]
"State" = "attempted"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKCU\Software\NCH Software\Scribe\Software]
"Toolbar" = "cnm-installed,gac,google"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
The process scribe.exe:2676 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\DirectInput\MostRecentApplication]
"MostRecentStart" = "C5 17 E4 53 8A 1A D0 01"
[HKCU\Software\NCH Software\Scribe\MainWindow]
"MiniWindowPositionY" = "190"
[HKCU\Software\NCH Software\Scribe\Registration]
"Name" = ""
[HKCU\Software\NCH Software\Scribe\MainWindow]
"MiniWindowPositionX" = "453"
[HKCU\Software\NCH Software\Scribe\Settings]
"WordCount" = "1"
[HKCU\Software\Microsoft\DirectInput\MostRecentApplication]
"ID" = "SCRIBE.EXE53E24F3B001CEC58"
[HKCU\Software\NCH Software\Scribe\Settings]
"UseWordProc" = "1"
"WordDefault" = "0"
"DataFolderCurrent" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\NCH Software\Scribe"
[HKCU\Software\NCH Software\Scribe\Software]
"SVar" = "LLIBShowSuiteButtonOff"
[HKCU\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_0E0F&PID_0003\Calibration\0]
"Guid" = "D0 9D 14 55 8E 86 E4 11 80 01 44 45 53 54 00 00"
[HKCU\Software\Microsoft\DirectInput\MostRecentApplication]
"Version" = "00 07 00 00"
[HKCU\Software\NCH Software\Scribe\Settings]
"Word0" = "C:\ProgramData\NCH Software\Scribe\Status\Template.doc"
"currentfile" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\NCH Software\Scribe\Current\Welcome.dat"
[HKCU\Software\Microsoft\DirectInput\MostRecentApplication]
"Name" = "SCRIBE.EXE"
[HKCU\Software\NCH Software\Scribe\Settings]
"CleanExit" = "0"
"DataFolderPrevious" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\NCH Software\Scribe"
The process %original file name%.exe:1960 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
The process nchsetup.exe:3836 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCR\NCH.Scribe.dvs\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe %L"
[HKCU\Software\Classes\NCH.Scribe.aif\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Switch %L"
[HKCR\NCH.Scribe.dvs\shell]
"(Default)" = "Open"
[HKCU\Software\Classes\NCH.Scribe.aiff\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind WavePad %L"
[HKCU\Software\NCH Software\Scribe\Settings]
"InstallerPath" = "%Program Files% (x86)\NCH Software\Scribe"
[HKCU\Software\Classes\.OGG]
"(Default)" = "oggfile"
[HKCU\Software\Classes\docfile\Shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Doxillion %L"
[HKCU\Software\Classes\.tar]
"(Default)" = "tarfile"
[HKCU\Software\Classes\m4vfile\Shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Scribe\Capabilities\FileAssociations]
".aif" = "NCH.Scribe.aif"
[HKCR\.wav\OpenWithProgIds]
"NCH.Scribe.wav" = "Type: REG_NONE, Length: 0"
[HKCU\Software\Classes\Paint.Picture\Shell\NCHslideshow\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind PhotoStage %L"
[HKCR\.msv]
"(Default)" = "NCH.Scribe.msv"
[HKCU\Software\Classes\NCH.Scribe.mp3\Shell\NCHconvertsound]
"(Default)" = "Convert sound file"
[HKCU\Software\Classes\.AAC]
"(Default)" = "aacfile"
[HKCU\Software\Classes\avifile\Shell\NCHeditvideo]
"(Default)" = "Edit video file"
[HKCU\Software\Classes\vocfile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind WavePad %L"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Scribe\Capabilities\FileTypes]
".wma" = "NCH.Scribe.wma"
[HKCU\Software\Classes\mpeg2file\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Prism %L"
[HKCR\NCH.Scribe.mp3\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe %L"
[HKCU\Software\Classes\.meo]
"(Default)" = "meofile"
[HKCU\Software\Classes\.7z]
"(Default)" = "7zfile"
[HKCU\Software\Classes\.nef]
"(Default)" = "neffile"
[HKCU\Software\Classes\tar.gzfile\Shell\NCHextract]
"(Default)" = "Extract with Express Zip"
[HKCR\NCH.Scribe.dss\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe %L"
[HKCR\NCH.Scribe.aif\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe %L"
[HKCU\Software\Classes\m4afile\Shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Scribe\Capabilities\FileTypes]
".aif" = "NCH.Scribe.aif"
[HKCU\Software\Classes\mp4file\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Prism %L"
[HKCU\Software\Classes\docfile\Shell\NCHconvertdoc]
"(Default)" = "Convert file type"
[HKCR\SystemFileAssociations\.dct\Shell\Transcribe with Express Scribe Transcription Software\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe %L"
[HKCU\Software\Classes\.rar]
"(Default)" = "rarfile"
[HKCU\Software\Classes\xvidfile\Shell\NCHconvertvideo]
"(Default)" = "Convert video file"
[HKCU\Software\Classes\neffile\Shell\NCHconvertimage\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Pixillion %L"
[HKCU\Software\Classes\.avi]
"(Default)" = "avifile"
[HKCU\Software\Classes\Windows.IsoFile\shell\NCHextract]
"(Default)" = "Extract with Express Zip"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Scribe\Capabilities\FileAssociations]
".aiff" = "NCH.Scribe.aiff"
[HKCU\Software\Classes\mpeg2file\Shell\NCHeditvideo]
"(Default)" = "Edit video file"
[HKCU\Software\Classes\aufile\Shell\NCHeditsound]
"(Default)" = "Edit sound file"
[HKCU\Software\Classes\pngfile\Shell\NCHslideshow]
"(Default)" = "Create slideshow"
[HKCR\NCH.Scribe.aiff\DefaultIcon]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe,0"
[HKCU\Software\Classes\TIFImage.Document\Shell\NCHconvertimage]
"(Default)" = "Convert image file"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Scribe\Capabilities\FileAssociations]
".wma" = "NCH.Scribe.wma"
[HKCU\Software\Classes\.asf]
"(Default)" = "asffile"
[HKCU\Software\Classes\gsmfile\Shell\NCHconvertsound]
"(Default)" = "Convert sound file"
[HKCU\Software\Classes\gzfile\Shell\NCHextract]
"(Default)" = "Extract with Express Zip"
[HKCU\Software\Classes\divxfile\Shell\NCHconvertvideo]
"(Default)" = "Convert video file"
[HKCR\.dvs\OpenWithProgIds]
"NCH.Scribe.dvs" = "Type: REG_NONE, Length: 0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Scribe]
"Publisher" = "NCH Software"
[HKCU\Software\Classes\vobfile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Prism %L"
[HKCU\Software\Classes\jpegfile\Shell\NCHslideshow]
"(Default)" = "Create slideshow"
[HKCU\Software\Classes\.vox]
"(Default)" = "voxfile"
[HKCR\NCH.Scribe.dvs\DefaultIcon]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe,0"
[HKCR\NCH.Scribe.dct\shell\Transcribe with Express Scribe Transcription Software\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe %L"
[HKCU\Software\Classes\neffile\Shell\NCHslideshow]
"(Default)" = "Create slideshow"
[HKCU\Software\Classes\ds2file\shell\NCHconvertsound]
"(Default)" = "Convert sound file"
[HKCU\Software\Classes\.vpj]
"(Default)" = "vpjfile"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Scribe\Settings]
"InstallerPath" = "%Program Files% (x86)\NCH Software\Scribe"
[HKCR\Applications\scribe.exe]
"(Default)" = "Express Scribe Transcription Software"
[HKCR\NCH.Scribe.dvs]
"(Default)" = "Express Scribe Dictation File"
[HKCU\Software\NCH Software\Scribe\Hotkey\6]
"Command" = "7"
[HKCU\Software\Classes\meofile]
"(Default)" = "Unhandled Extension Handler Finder"
[HKCU\Software\Classes\divxfile\Shell\NCHeditvideo]
"(Default)" = "Edit video file"
[HKCU\Software\Classes\vobfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\neffile\Shell\NCHslideshow\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind PhotoStage %L"
[HKCU\Software\Classes\7zfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\m4vfile\Shell\NCHeditvideo]
"(Default)" = "Edit video file"
[HKCU\Software\Classes\TIFImage.Document\Shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Scribe]
"DisplayIcon" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe"
[HKCR\NCH.Scribe.msv\DefaultIcon]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe,0"
[HKCU\Software\Classes\m4vfile\Shell\NCHconvertvideo]
"(Default)" = "Convert video file"
[HKCU\Software\Classes\asffile\Shell\NCHconvertvideo]
"(Default)" = "Convert video file"
[HKCR\.aiff\OpenWithProgIds]
"NCH.Scribe.aiff" = "Type: REG_NONE, Length: 0"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Scribe\Capabilities\FileAssociations]
".dvs" = "NCH.Scribe.dvs"
[HKCU\Software\Classes\jpegfile\Shell\NCHconvertimage]
"(Default)" = "Convert image file"
[HKCU\Software\Classes\AcroExch.Document\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\mp4file\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\Paint.Picture\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\m4vfile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind VideoPad %L"
[HKCU\Software\Classes\voxfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\.AU]
"(Default)" = "aufile"
[HKCU\Software\Classes\.mpg]
"(Default)" = "mpgfile"
[HKCU\Software\Classes\.vob]
"(Default)" = "vobfile"
[HKCU\Software\Classes\mpdpfile]
"(Default)" = "Unhandled Extension Handler Finder"
[HKCU\Software\Classes\asffile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\mp4file\Shell\NCHconvertvideo]
"(Default)" = "Convert video file"
[HKCU\Software\Classes\NCH.Scribe.wma\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind WavePad %L"
[HKCR\NCH.Scribe.mp3\shell]
"(Default)" = "Open"
[HKCR\SystemFileAssociations\.mp3\Shell\Transcribe with Express Scribe Transcription Software\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe %L"
[HKCR\NCH.Scribe.aiff\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe %L"
[HKCU\Software\Classes\vpjfile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind VideoPad %L"
[HKCU\Software\Classes\Paint.Picture\Shell\NCHconvertimage]
"(Default)" = "Convert image file"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Scribe\Capabilities\FileTypes]
".MP3" = "NCH.Scribe.mp3"
[HKCU\Software\Classes\.WAV]
"(Default)" = "NCH.Scribe.wav"
[HKCU\Software\Classes\.mov]
"(Default)" = "movfile"
[HKCR\.msv]
"Scribe.BAK" = ""
[HKCU\Software\Classes\rtffile\Shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Doxillion %L"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Scribe]
"URLInfoAbout" = "www.nch.com.au/scribe/support.html"
[HKCU\Software\Classes\asffile\Shell\NCHeditvideo]
"(Default)" = "Edit video file"
[HKCU\Software\Classes\mohfile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKCR\NCH.Scribe.wma\DefaultIcon]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe,0"
[HKCU\Software\Classes\NCH.Scribe.wav\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Switch %L"
[HKCU\Software\NCH Software\Scribe\Software]
"Toolbar" = "cnm-installed"
[HKCU\Software\Classes\wpfile\Shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Doxillion %L"
[HKCR\.aif\OpenWithProgIds]
"NCH.Scribe.aif" = "Type: REG_NONE, Length: 0"
[HKCR\NCH.Scribe.aiff\shell]
"(Default)" = "Open"
[HKCU\Software\NCH Software\Scribe\Settings]
"InstallDate" = "1418883448"
[HKCU\Software\NCH Software\Scribe\Hotkey\1]
"Command" = "10"
[HKCU\Software\Classes\asffile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Prism %L"
[HKCR\Applications\scribe.exe\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe %L"
[HKCU\Software\Classes\.gz]
"(Default)" = "gzfile"
[HKCU\Software\Classes\giffile\Shell\NCHslideshow]
"(Default)" = "Create slideshow"
[HKCU\Software\Classes\mpeg2file\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind VideoPad %L"
[HKCU\Software\Classes\wpdfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\mpegfile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind VideoPad %L"
[HKCU\Software\Classes\mp4file\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind VideoPad %L"
[HKCR\.dct\OpenWithProgIds]
"NCH.Scribe.dct" = "Type: REG_NONE, Length: 0"
[HKCU\Software\Classes\NCH.Scribe.aif\Shell\NCHeditsound]
"(Default)" = "Edit sound file"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dvs\UserChoice]
"Progid" = "NCH.Scribe.dvs"
[HKCR\.dss\OpenWithProgIds]
"NCH.Scribe.dss" = "Type: REG_NONE, Length: 0"
[HKCU\Software\Classes\flacfile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Switch %L"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Scribe]
"URLUpdateInfo" = "www.nch.com.au/scribe/index.html"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Scribe\Settings]
"RelatedRuns" = "-1"
[HKCU\Software\Classes\.mpeg]
"(Default)" = "mpegfile"
[HKCU\Software\Classes\rtffile\Shell\NCHconvertdoc]
"(Default)" = "Convert file type"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Scribe\Capabilities\FileTypes]
".aiff" = "NCH.Scribe.aiff"
[HKCU\Software\Classes\.ds2]
"(Default)" = "ds2file"
[HKCU\Software\Classes\tar.gzfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\docxfile\Shell\NCHconvertdoc]
"(Default)" = "Convert file type"
[HKCR\.mp3\OpenWithProgIds]
"NCH.Scribe.mp3" = "Type: REG_NONE, Length: 0"
[HKCU\Software\Classes\.WMA]
"(Default)" = "NCH.Scribe.wma"
[HKCU\Software\Classes\.xvid]
"(Default)" = "xvidfile"
[HKCR\NCH.Scribe.wma]
"(Default)" = ""
[HKCU\Software\Classes\NCH.Scribe.wma\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Switch %L"
[HKCU\Software\NCH Software\Scribe\Settings]
"InstalledByAdmin" = "1"
[HKCR\NCH.Scribe.dct\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe %L"
[HKCR\.wma\OpenWithProgIds]
"NCH.Scribe.wma" = "Type: REG_NONE, Length: 0"
[HKCU\Software\Classes\mpgfile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Prism %L"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Scribe\Software]
"Installer" = "%Program Files% (x86)\NCH Software\Scribe\scribesetup_v5.69.exe"
[HKCU\Software\NCH Software\Scribe\Hotkey\0]
"key" = "122"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Scribe]
"DisplayName" = "Express Scribe Transcription Software"
[HKCR\.dvs]
"(Default)" = "NCH.Scribe.dvs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msv\UserChoice]
"Progid" = "NCH.Scribe.msv"
[HKCU\Software\Classes\.moh]
"(Default)" = "mohfile"
[HKCU\Software\Classes\.mpeg2]
"(Default)" = "mpeg2file"
[HKCU\Software\Classes\avifile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Prism %L"
[HKCU\Software\Classes\NCH.Scribe.aiff\Shell\NCHeditsound]
"(Default)" = "Edit sound file"
[HKCU\Software\Classes\gzfile\Shell\NCHextract\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind ExpressZip %L"
[HKCR\NCH.Scribe.wma\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe %L"
[HKCU\Software\Classes\mpeg2file\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\.voc]
"(Default)" = "vocfile"
[HKCU\Software\Classes\spjfile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKCU\Software\Classes\NCH.Scribe.aif\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind WavePad %L"
[HKCU\Software\Classes\vocfile\Shell\NCHeditsound]
"(Default)" = "Edit sound file"
[HKCR\NCH.Scribe.dct\shell]
"(Default)" = "Open"
[HKCU\Software\Classes\.wp]
"(Default)" = "wpfile"
[HKCU\Software\Classes\Paint.Picture\Shell\NCHconvertimage\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Pixillion %L"
[HKCR\NCH.Scribe.mp3]
"(Default)" = ""
[HKCU\Software\Classes\aufile\Shell\NCHconvertsound]
"(Default)" = "Convert sound file"
[HKCU\Software\NCH Software\Scribe\Hotkey\7]
"Command" = "2"
[HKCU\Software\Classes\.divx]
"(Default)" = "divxfile"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dss\UserChoice]
"Progid" = "NCH.Scribe.dss"
[HKCU\Software\Classes\mohfile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind IMS %L"
[HKCU\Software\Classes\aacfile\Shell\NCHeditsound]
"(Default)" = "Edit sound file"
[HKCR\NCH.Scribe.wav\DefaultIcon]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe,0"
[HKCU\Software\Classes\.AIFF]
"(Default)" = "NCH.Scribe.aiff"
[HKCU\Software\Classes\Paint.Picture\Shell\NCHslideshow]
"(Default)" = "Create slideshow"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Scribe\Capabilities\FileAssociations]
".msv" = "NCH.Scribe.msv"
[HKCU\Software\Classes\.wpd]
"(Default)" = "wpdfile"
[HKCU\Software\Classes\spjfile]
"(Default)" = "Unhandled Extension Handler Finder"
[HKCU\Software\Classes\vpjfile]
"(Default)" = "Unhandled Extension Handler Finder"
[HKCU\Software\Classes\vobfile\Shell\NCHeditvideo]
"(Default)" = "Edit video file"
[HKCU\Software\Classes\NCH.Scribe.wma\Shell\NCHeditsound]
"(Default)" = "Edit sound file"
[HKCU\Software\Classes\pngfile\Shell\NCHconvertimage\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Pixillion %L"
[HKCU\Software\Classes\xvidfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\ivrfile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKCU\Software\Classes\mpegfile\Shell]
"(Default)" = "open"
[HKCR\.dct]
"Scribe.BAK" = ""
[HKCU\Software\Classes\voxfile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Switch %L"
[HKCU\Software\Classes\ivrfile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind IVM %L"
[HKCU\Software\Classes\tarfile\Shell]
"(Default)" = "open"
[HKCR\NCH.Scribe.aif]
"(Default)" = ""
[HKCU\Software\Classes\FirefoxHTML\shell\NCHconvertdoc]
"(Default)" = "Convert file type"
[HKCU\Software\Classes\xvidfile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind VideoPad %L"
[HKCU\Software\Classes\movfile\Shell\NCHeditvideo]
"(Default)" = "Edit video file"
[HKCR\NCH.Scribe.dct\DefaultIcon]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe,0"
[HKCU\Software\NCH Software\Scribe\Registration]
"Name" = ""
[HKCU\Software\Classes\mpegfile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Prism %L"
[HKCR\.dvs]
"Scribe.BAK" = ""
[HKCR\.dss]
"Scribe.BAK" = ""
[HKCU\Software\Classes\giffile\Shell\NCHconvertimage]
"(Default)" = "Convert image file"
[HKCU\Software\Classes\odtfile\Shell]
"(Default)" = "open"
[HKLM\SOFTWARE\RegisteredApplications]
"Scribe" = "Software\NCH Software\Scribe\Capabilities"
[HKCU\Software\Classes\movfile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Prism %L"
[HKCU\Software\Classes\jpegfile\Shell]
"(Default)" = "open"
[HKCR\NCH.Scribe.dss]
"(Default)" = "Express Scribe Dictation File"
[HKCU\Software\Classes\pngfile\Shell\NCHslideshow\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind PhotoStage %L"
[HKCU\Software\Classes\aufile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind WavePad %L"
[HKCU\Software\Classes\mpgfile\Shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Scribe\Capabilities\FileTypes]
".dct" = "NCH.Scribe.dct"
[HKCU\Software\Classes\xvidfile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Prism %L"
[HKCR\NCH.Scribe.aiff\Shell\Transcribe with Express Scribe Transcription Software\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe %L"
[HKLM\SOFTWARE\Wow6432Node\Google\GCAPITemp]
"test" = "testv"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Scribe]
"VersionMinor" = "69"
[HKCU\Software\Classes\m4afile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind WavePad %L"
[HKCU\Software\Classes\NCH.Scribe.aif\Shell\NCHconvertsound]
"(Default)" = "Convert sound file"
[HKCU\Software\Classes\vobfile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind VideoPad %L"
[HKCU\Software\Classes\mpgfile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind VideoPad %L"
[HKCU\Software\Classes\.tar.gz]
"(Default)" = "tar.gzfile"
[HKCU\Software\NCH Software\Scribe\Hotkey\4]
"key" = "117"
[HKCU\Software\Classes\gsmfile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Switch %L"
[HKCR\.msv\OpenWithProgIds]
"NCH.Scribe.msv" = "Type: REG_NONE, Length: 0"
[HKCU\Software\Classes\.MP3]
"(Default)" = "NCH.Scribe.mp3"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Scribe\Capabilities\FileAssociations]
".MP3" = "NCH.Scribe.mp3"
[HKCU\Software\Classes\divxfile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Prism %L"
[HKCU\Software\Classes\vocfile\Shell]
"(Default)" = "open"
[HKCR\NCH.Scribe.wav\shell]
"(Default)" = "Open"
[HKCU\Software\Classes\jpegfile\Shell\NCHslideshow\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind PhotoStage %L"
[HKCU\Software\NCH Software\Scribe\Registration]
"RD" = "1418883436"
[HKCU\Software\Classes\.spj]
"(Default)" = "spjfile"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Scribe]
"UninstallString" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -uninstall"
[HKCU\Software\Classes\meofile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Meo %L"
[HKCU\Software\Classes\giffile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\mp4file\Shell\NCHeditvideo]
"(Default)" = "Edit video file"
[HKCU\Software\NCH Software\Scribe\Hotkey\2]
"key" = "115"
[HKCU\Software\Classes\Windows.IsoFile\shell]
"(Default)" = "open"
[HKCU\Software\Classes\vobfile\Shell\NCHconvertvideo]
"(Default)" = "Convert video file"
[HKCU\Software\Classes\mpeg2file\Shell\NCHconvertvideo]
"(Default)" = "Convert video file"
[HKCU\Software\Classes\voxfile\Shell\NCHconvertsound]
"(Default)" = "Convert sound file"
[HKCU\Software\Classes\avifile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\xvidfile\Shell\NCHeditvideo]
"(Default)" = "Edit video file"
[HKCR\NCH.Scribe.msv]
"(Default)" = "Express Scribe Dictation File"
[HKCU\Software\NCH Software\Scribe\Hotkey\1]
"key" = "114"
[HKCR\NCH.Scribe.mp3\Shell\Transcribe with Express Scribe Transcription Software\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe %L"
[HKCU\Software\Classes\.ivr]
"(Default)" = "ivrfile"
[HKCR\NCH.Scribe.wma\Shell\Transcribe with Express Scribe Transcription Software\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe %L"
[HKCR\SystemFileAssociations\.aiff\Shell\Transcribe with Express Scribe Transcription Software\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe %L"
[HKCU\Software\Classes\meofile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKCU\Software\Classes\CABFolder\Shell]
"(Default)" = "open"
[HKCU\Software\NCH Software\Scribe\Hotkey\3]
"key" = "116"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Scribe\Capabilities\FileTypes]
".WAV" = "NCH.Scribe.wav"
[HKCU\Software\Classes\oggfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\docxfile\Shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Doxillion %L"
[HKCU\Software\Classes\neffile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\voxfile\Shell\NCHeditsound]
"(Default)" = "Edit sound file"
[HKCR\NCH.Scribe.msv\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe %L"
[HKCU\Software\Classes\NCH.Scribe.wav\Shell\NCHeditsound]
"(Default)" = "Edit sound file"
[HKCU\Software\Classes\flacfile\Shell\NCHconvertsound]
"(Default)" = "Convert sound file"
[HKCR\NCH.Scribe.msv\shell]
"(Default)" = "Open"
[HKCU\Software\Classes\rarfile\Shell\NCHextract]
"(Default)" = "Extract with Express Zip"
[HKCU\Software\Classes\odtfile\Shell\NCHconvertdoc]
"(Default)" = "Convert file type"
[HKCU\Software\Classes\NCH.Scribe.mp3\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Switch %L"
[HKCU\Software\Classes\ds2file\shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Switch %L"
[HKCU\Software\Classes\.FLAC]
"(Default)" = "flacfile"
[HKCU\Software\Classes\NCH.Scribe.wma\Shell\NCHconvertsound]
"(Default)" = "Convert sound file"
[HKCU\Software\Classes\mpdpfile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind MixPad %L"
[HKCU\Software\NCH Software\Scribe\Hotkey]
"maxId" = "9"
[HKCU\Software\Classes\NCH.Scribe.wav\Shell\NCHconvertsound]
"(Default)" = "Convert sound file"
[HKCR\NCH.Scribe.aif\DefaultIcon]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe,0"
[HKCU\Software\NCH Software\Scribe\Hotkey\8]
"key" = "121"
[HKCU\Software\Classes\ds2file\shell]
"(Default)" = "open"
[HKCR\NCH.Scribe.aiff]
"(Default)" = ""
[HKCU\Software\Classes\giffile\Shell\NCHslideshow\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind PhotoStage %L"
[HKCU\Software\Classes\.gsm]
"(Default)" = "gsmfile"
[HKCU\Software\Classes\NCH.Scribe.aiff\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Switch %L"
[HKCU\Software\Classes\ivrfile]
"(Default)" = "Unhandled Extension Handler Finder"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Scribe\Capabilities\FileAssociations]
".WAV" = "NCH.Scribe.wav"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKCU\Software\NCH Software\Scribe\Hotkey\4]
"Command" = "1"
[HKCU\Software\Classes\tarfile\Shell\NCHextract]
"(Default)" = "Extract with Express Zip"
[HKCU\Software\Classes\tarfile\Shell\NCHextract\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind ExpressZip %L"
[HKCU\Software\NCH Software\Scribe\Hotkey\2]
"Command" = "3"
[HKCU\Software\NCH Software\Scribe\Hotkey\5]
"Command" = "6"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCR\NCH.Scribe.dct]
"(Default)" = "Express Scribe Dictation File"
[HKCU\Software\NCH Software\Scribe\Settings]
"currentVersion" = "5.69"
[HKCU\Software\Classes\avifile\Shell\NCHconvertvideo]
"(Default)" = "Convert video file"
[HKCR\NCH.Scribe.mp3\DefaultIcon]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe,0"
[HKCU\Software\Classes\oggfile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind WavePad %L"
[HKCU\Software\Classes\oggfile\Shell\NCHeditsound]
"(Default)" = "Edit sound file"
[HKCU\Software\Classes\movfile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind VideoPad %L"
[HKCU\Software\Classes\movfile\Shell\NCHconvertvideo]
"(Default)" = "Convert video file"
[HKCU\Software\Classes\.M4A]
"(Default)" = "m4afile"
[HKCU\Software\Classes\aacfile\Shell\NCHconvertsound]
"(Default)" = "Convert sound file"
[HKCU\Software\Classes\spjfile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind PhotoStage %L"
[HKCU\Software\Classes\rarfile\Shell\NCHextract\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind ExpressZip %L"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Scribe]
"VersionMajor" = "5"
[HKCU\Software\Classes\CABFolder\Shell\NCHextract]
"(Default)" = "Extract with Express Zip"
[HKCU\Software\Classes\wpfile\Shell\NCHconvertdoc]
"(Default)" = "Convert file type"
[HKCR\NCH.Scribe.wav]
"(Default)" = ""
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Scribe\Capabilities\FileAssociations]
".dct" = "NCH.Scribe.dct"
[HKCU\Software\Classes\.AIF]
"(Default)" = "NCH.Scribe.aif"
[HKCU\Software\Classes\flacfile\Shell]
"(Default)" = "open"
[HKCU\Software\NCH Software\Scribe\Hotkey\6]
"key" = "119"
[HKCU\Software\NCH Software\Scribe\Hotkey\3]
"Command" = "0"
[HKCU\Software\Classes\7zfile\Shell\NCHextract\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind ExpressZip %L"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer]
"GlobalAssocChangedCounter" = "35"
[HKCR\NCH.Scribe.aif\shell]
"(Default)" = "Open"
[HKCU\Software\Classes\FirefoxHTML\shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Doxillion %L"
[HKCU\Software\Classes\gsmfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\NCH.Scribe.mp3\Shell\NCHeditsound]
"(Default)" = "Edit sound file"
[HKCR\NCH.Scribe.wav\Shell\Transcribe with Express Scribe Transcription Software\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe %L"
[HKCU\Software\Classes\neffile\Shell\NCHconvertimage]
"(Default)" = "Convert image file"
[HKCU\Software\Classes\TIFImage.Document\Shell\NCHconvertimage\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Pixillion %L"
[HKCU\Software\Classes\mpegfile\Shell\NCHconvertvideo]
"(Default)" = "Convert video file"
[HKCU\Software\Classes\aacfile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Switch %L"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Scribe\Capabilities]
"ApplicationDescription" = "Express Scribe Transcription Software"
[HKCU\Software\NCH Software\Scribe\Hotkey\7]
"key" = "120"
[HKCU\Software\NCH Software\Scribe\Hotkey\5]
"key" = "118"
[HKCU\Software\Classes\asffile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind VideoPad %L"
[HKLM\SOFTWARE\Wow6432Node\NCH Software\Scribe\Capabilities\FileAssociations]
".dss" = "NCH.Scribe.dss"
[HKCU\Software\Classes\aacfile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind WavePad %L"
[HKCU\Software\Classes\AcroExch.Document\Shell\NCHconvertdoc]
"(Default)" = "Convert file type"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Scribe]
"InstallLocation" = "%Program Files% (x86)\NCH Software\Scribe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dct\UserChoice]
"Progid" = "NCH.Scribe.dct"
[HKCU\Software\Classes\wpdfile\Shell\NCHconvertdoc]
"(Default)" = "Convert file type"
[HKCU\Software\Classes\Windows.IsoFile\shell\NCHextract\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind ExpressZip %L"
[HKCU\Software\Classes\aacfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\.m4v]
"(Default)" = "m4vfile"
[HKCU\Software\Classes\divxfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\AcroExch.Document\Shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Doxillion %L"
[HKCU\Software\Classes\m4vfile\Shell\NCHconvertvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Prism %L"
[HKCU\Software\Classes\tar.gzfile\Shell\NCHextract\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind ExpressZip %L"
[HKCU\Software\Classes\giffile\Shell\NCHconvertimage\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Pixillion %L"
[HKCU\Software\Classes\wpdfile\Shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Doxillion %L"
[HKCU\Software\Classes\.mpdp]
"(Default)" = "mpdpfile"
[HKCU\Software\Classes\mpdpfile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKCU\Software\Classes\NCH.Scribe.wav\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind WavePad %L"
[HKCU\Software\Classes\docxfile\Shell]
"(Default)" = "open"
[HKCR\NCH.Scribe.aif\Shell\Transcribe with Express Scribe Transcription Software\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe %L"
[HKCR\NCH.Scribe.wma\shell]
"(Default)" = "Open"
[HKCR\.dss]
"(Default)" = "NCH.Scribe.dss"
[HKCU\Software\Classes\movfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\odtfile\Shell\NCHconvertdoc\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Doxillion %L"
[HKCR\Applications\scribe.exe\shell]
"(Default)" = "Open"
[HKCU\Software\Classes\wpfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\rarfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\CABFolder\Shell\NCHextract\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind ExpressZip %L"
[HKCU\Software\Classes\divxfile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind VideoPad %L"
[HKCU\Software\Classes\gzfile\Shell]
"(Default)" = "open"
[HKCR\Applications\scribe.exe\DefaultIcon]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe,0"
[HKCU\Software\Classes\mpegfile\Shell\NCHeditvideo]
"(Default)" = "Edit video file"
[HKCU\Software\Classes\m4afile\Shell\NCHeditsound]
"(Default)" = "Edit sound file"
[HKCU\Software\Classes\avifile\Shell\NCHeditvideo\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind VideoPad %L"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Scribe]
"Version" = "5.69"
[HKCU\Software\Classes\mohfile]
"(Default)" = "Unhandled Extension Handler Finder"
[HKCU\Software\Classes\.mp4]
"(Default)" = "mp4file"
[HKCU\Software\Classes\Windows.IsoFile\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind ExpressBurn %L"
[HKCU\Software\Classes\7zfile\Shell\NCHextract]
"(Default)" = "Extract with Express Zip"
[HKCR\.dct]
"(Default)" = "NCH.Scribe.dct"
[HKCU\Software\Classes\jpegfile\Shell\NCHconvertimage\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Pixillion %L"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Scribe]
"DisplayVersion" = "5.69"
[HKCR\NCH.Scribe.dss\DefaultIcon]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe,0"
[HKCU\Software\Classes\pngfile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\vpjfile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
[HKCU\Software\Microsoft\Registration\NCH]
"Scribe" = "1"
[HKCR\SystemFileAssociations\.wma\Shell\Transcribe with Express Scribe Transcription Software\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe %L"
[HKCU\Software\Classes\mpgfile\Shell\NCHconvertvideo]
"(Default)" = "Convert video file"
[HKCU\Software\NCH Software\Scribe\Hotkey\0]
"Command" = "9"
[HKCU\Software\Classes\.doc]
"(Default)" = "docfile"
[HKCU\Software\NCH Software\Scribe\Hotkey\8]
"Command" = "8"
[HKCU\Software\Classes\aufile\Shell]
"(Default)" = "open"
[HKCR\NCH.Scribe.wav\shell\open\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe %L"
[HKCU\Software\Classes\aufile\Shell\NCHconvertsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind Switch %L"
[HKCU\Software\Classes\rtffile\Shell]
"(Default)" = "open"
[HKCU\Software\Classes\docfile\Shell]
"(Default)" = "open"
[HKCR\NCH.Scribe.dss\shell]
"(Default)" = "Open"
[HKCU\Software\Classes\NCH.Scribe.aiff\Shell\NCHconvertsound]
"(Default)" = "Convert sound file"
[HKCR\SystemFileAssociations\.aif\Shell\Transcribe with Express Scribe Transcription Software\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe %L"
[HKCU\Software\Classes\pngfile\Shell\NCHconvertimage]
"(Default)" = "Convert image file"
[HKCU\Software\Classes\mpgfile\Shell\NCHeditvideo]
"(Default)" = "Edit video file"
[HKCU\Software\Classes\voxfile\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind WavePad %L"
[HKCR\SystemFileAssociations\.wav\Shell\Transcribe with Express Scribe Transcription Software\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe %L"
[HKCU\Software\Classes\NCH.Scribe.mp3\Shell\NCHeditsound\command]
"(Default)" = "%Program Files% (x86)\NCH Software\Scribe\scribe.exe -extfind WavePad %L"
[HKCU\Software\Classes\Windows.IsoFile\DefaultIcon]
"(Default)" = "%SystemRoot%\SysWow64\shell32.dll,19"
The PUP deletes the following registry key(s):
[HKLM\SOFTWARE\Wow6432Node\Google\GCAPITemp]
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dvs\UserChoice]
"Progid"
[HKCU\Software\NCH Software\Scribe\Software]
"_InstalledBy"
[HKLM\SOFTWARE\Wow6432Node\Google\GCAPITemp]
"test"
[HKCU\Software\NCH Software\Scribe\Registration]
"XD"
[HKCU\Software\NCH Software\Scribe\Software]
"_ShowSurvey"
"InstalledBy"
"ShowSurveyNow"
"ShowSurvey"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msv\UserChoice]
"Progid"
[HKCU\Software\NCH Software\Scribe\Software]
"_ShowSurveyNow"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dss\UserChoice]
"Progid"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\NCH Software\Scribe\Registration]
"_XD"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dct\UserChoice]
"Progid"
The process GoogleToolbarManager_8CA8B41417E66DEB.exe:3948 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component\Used]
"GoogleToolbarManager.exe" = "1"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"pv" = "7.5.5111.1712"
The process GoogleToolbarManager_8CA8B41417E66DEB.exe:3128 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}]
"Policy" = "3"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"DisplayVersion" = "7.5.5111.1712"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"ToastOfferTime" = "0"
[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E]
"LanguageList" = "en-US, en"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}]
"AppPath" = "%Program Files% (x86)\Google\Google Toolbar"
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
"(Default)" = "Google Toolbar Helper"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"Publisher" = "Google Inc."
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"SystemPatchLevel" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"GTB7.5" = ""
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\GoogleUpdate]
"InstallTimestamp" = "1418883472"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"cmd_7.5.5111.1712_5" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:5"
"cmd_7.5.5111.1712_4" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:4"
"cmd_7.5.5111.1712_7" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:7"
"cmd_7.5.5111.1712_6" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:6"
"cmd_7.5.5111.1712_1" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:1"
"cmd_7.5.5111.1712_0" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:0"
"cmd_7.5.5111.1712_3" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:3"
"cmd_7.5.5111.1712_2" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:2"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = "00"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Branding]
"InstallType" = "3"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"cmd_7.5.5111.1712_9" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:9"
"cmd_7.5.5111.1712_8" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /execute:8"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"ToastSetDefaultSearch" = "3"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"AllowInteractions" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"DisplayName" = "Google Toolbar for Internet Explorer"
[HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"(Default)" = "Google Toolbar"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"EnableUsageStats" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}]
"Policy" = "3"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"UninstallString" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe /uninstall"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}]
"AppName" = "GoogleToolbarUser_64.exe"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"{14C626CA-ACAB-46e5-8A99-53C9E11CCCA0}_enabled" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Branding]
"InstallTime" = "1418883472"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Installations]
"1418883489" = "v=7.5.5111.1712&tbbrand=NCHD&i=0"
[HKCR\Installer\Products\18555481990E8AB4CBB63FB4F26006C0]
"AuthorizedLUAApp" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"DisplayIcon" = "%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}]
"Policy" = "3"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"ButtonPageRank" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}]
"AppPath" = "%Program Files% (x86)\Google\Google Toolbar"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar]
"test" = "41"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}]
"AppName" = "GoogleToolbarUser_32.exe"
[HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"ToastSetPageRank" = "2"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\GoogleUpdate]
"InstallResult" = "pi"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"RbbsBreak" = "1"
[HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"EulaAccepted" = "1"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Enable Browser Extensions" = "yes"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}]
"Policy" = "3"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"Compatibility Flags" = "1024"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component\Used]
"GoogleUpdaterService.exe" = "1"
"SearchWithGoogleUpdate.exe" = "1"
"GoogleToolbarManager.exe" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = "00"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Branding]
"brand" = "NCHD"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}]
"AppName" = "GoogleToolbarUser_32.exe"
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_64.dll"
[HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_32.dll"
[HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
"(Default)" = "Google Toolbar Helper"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"BrowseByName" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component]
"PrimaryInstallDone" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"Compatibility Flags" = "1024"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"ToastSetHomePage" = "2"
[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E\@%SystemRoot%\system32]
"dnsapi.dll,-103" = "Domain Name System (DNS) Server Trust"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}]
"AppPath" = "%Program Files% (x86)\Google\Google Toolbar"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"GTB7.5" = ""
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_64.dll"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"UsageStatsEnabled" = "1"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"DisableBrowseByName" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"MinorVersion" = "5"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"Name" = "Google Toolbar"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Branding]
"ID" = "AB0A80C9D2FDA747740FD9725D3094D66CC61iHFEF"
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"InstallLocation" = "%Program Files% (x86)\Google\Google Toolbar\"
"NoModify" = "1"
"MajorVersion" = "7"
"NoRepair" = "1"
[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E\@%SystemRoot%\system32]
"p2pcollab.dll,-8042" = "Peer to Peer Trust"
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"(Default)" = "Google Toolbar"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}]
"AppName" = "GoogleToolbarUser_64.exe"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"brand" = "NCHD"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}]
"AppPath" = "%Program Files% (x86)\Google\Google Toolbar"
[HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_32.dll"
The PUP deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021493-0000-0000-C000-000000000046}]
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ProgID]
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\TypeLib]
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\Programmable]
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021493-0000-0000-C000-000000000046}\Enum]
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\VersionIndependentProgID]
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ProgID]
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\TypeLib]
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\VersionIndependentProgID]
[HKCU\Software\Classes\Local Settings\MuiCache\29]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum]
[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}]
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\Programmable]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021494-0000-0000-C000-000000000046}]
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021494-0000-0000-C000-000000000046}\Enum]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}]
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum]
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"UseIe64"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"Vendor"
[HKCU\Software\Google\Google Toolbar\4.0]
"Update"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"RefreshIE"
[HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"lang"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\4.0\Setup]
"WelcomePage"
The process GoogleToolbarManager_8CA8B41417E66DEB.exe:1808 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component\NonManifest\C:\ProgramData\Google\Custom Buttons]
"toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML" = "1"
[HKLM\SOFTWARE\Wow6432Node\Google\Google Toolbar\Component\Used]
"GoogleToolbarDynamic_mui_en.dll" = "1"
The process GoogleToolbarNotifier.exe:1940 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCR\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\ProtectorExe.ProtectorHost.1\CLSID]
"(Default)" = "{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}"
[HKCR\Wow6432Node\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}]
"(Default)" = "IProtectorLib7"
[HKCR\Wow6432Node\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}]
"(Default)" = "IProtector11"
[HKCR\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{2212951C-1623-4095-906B-AC50B8F91016}]
"(Default)" = "IProtector2"
[HKCR\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll"
[HKCR\Wow6432Node\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}]
"(Default)" = "IProtector8"
[HKCR\Wow6432Node\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}]
"(Default)" = "IProtector6"
[HKCR\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}]
"(Default)" = "IProtectorHost2"
[HKCR\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\ProgID]
"(Default)" = "protector_dll.ProtectorLib.1"
[HKCR\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}]
"(Default)" = "IProtectorLib"
[HKCR\Wow6432Node\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}]
"(Default)" = "IProtector3"
[HKCR\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\TypeLib]
"Version" = "1a.0"
[HKCR\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\1a.0]
"(Default)" = "protector_dllLib"
[HKCR\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\AppID\{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}]
"(Default)" = "protector_dll"
[HKCR\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}]
"(Default)" = "IProtector9"
[HKCR\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\AppID\{A97CA128-6998-4F8E-807E-8ED05FADAFB0}]
"(Default)" = "ProtectorExe"
[HKCR\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}]
"(Default)" = "IProtectorLib8"
[HKCR\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}]
"(Default)" = "IProtectorLib8"
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
"(Default)" = "Google Toolbar Notifier BHO"
[HKCR\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{9891812B-5820-4A77-827E-772B200239E1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}]
"AppPath" = "%Program Files% (x86)\Google\GoogleToolbarNotifier"
[HKCR\Wow6432Node\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}]
"(Default)" = "IProtectorLib7"
[HKCR\protector_dll.ProtectorLib.1]
"(Default)" = "ProtectorLib Class"
[HKCR\Wow6432Node\Interface\{9891812B-5820-4A77-827E-772B200239E1}]
"(Default)" = "IProtector4"
[HKCR\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]
"Depend" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll"
[HKCR\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}]
"(Default)" = "ProtectorLib Class"
[HKCR\Wow6432Node\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\TypeLib]
"Version" = "1a.0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}]
"AppName" = "GoogleToolbarNotifier.exe"
[HKCR\Wow6432Node\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}]
"(Default)" = "IProtector5"
[HKCR\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}]
"(Default)" = "IProtectorLib5"
[HKCR\Wow6432Node\Interface\{9891812B-5820-4A77-827E-772B200239E1}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{9891812B-5820-4A77-827E-772B200239E1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]
"(Default)" = "ProtectorHost Class"
[HKCR\Interface\{9891812B-5820-4A77-827E-772B200239E1}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}]
"(Default)" = "IProtectorHost"
[HKCR\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll"
[HKCR\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}]
"(Default)" = "IProtector10"
[HKCR\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\Wow6432Node\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\VersionIndependentProgID]
"(Default)" = "protector_dll.ProtectorBho"
[HKCR\Wow6432Node\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}]
"(Default)" = "IProtector10"
[HKCR\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\ProgID]
"(Default)" = "ProtectorExe.ProtectorHost.1"
[HKCR\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\TypeLib]
"Version" = "1a.0"
[HKCR\protector_dll.ProtectorLib\CurVer]
"(Default)" = "protector_dll.ProtectorLib.1"
[HKCR\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{9891812B-5820-4A77-827E-772B200239E1}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{2212951C-1623-4095-906B-AC50B8F91016}]
"(Default)" = "IProtector2"
[HKCR\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}]
"(Default)" = "IProtector5"
[HKCR\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\TypeLib]
"Version" = "1a.0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}]
"AppPath" = "%Program Files% (x86)\Google\GoogleToolbarNotifier"
[HKCR\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}]
"(Default)" = "IProtectorHost"
[HKCR\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}]
"(Default)" = "IProtector3"
[HKCR\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\AppID\ProtectorExe.EXE]
"AppID" = "{A97CA128-6998-4F8E-807E-8ED05FADAFB0}"
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"
[HKCR\protector_dll.Protector.1\CLSID]
"(Default)" = "{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}"
[HKCR\ProtectorExe.ProtectorHost\CLSID]
"(Default)" = "{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}"
[HKCR\protector_dll.ProtectorBho]
"(Default)" = "Google Toolbar Notifier BHO"
[HKCR\Wow6432Node\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\AppID\protector_dll.DLL]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"
[HKCR\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}]
"(Default)" = "IProtectorLib2"
[HKCR\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\ProgID]
"(Default)" = "protector_dll.Protector.1"
[HKCR\Wow6432Node\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}]
"(Default)" = "IProtectorLib6"
[HKCR\protector_dll.Protector\CLSID]
"(Default)" = "{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}"
[HKCR\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\VersionIndependentProgID]
"(Default)" = "ProtectorExe.ProtectorHost"
[HKCR\Wow6432Node\Interface\{2212951C-1623-4095-906B-AC50B8F91016}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}]
"(Default)" = "IProtector7"
[HKCR\Wow6432Node\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\ProtectorExe.ProtectorHost]
"(Default)" = "ProtectorHost Class"
[HKCR\Wow6432Node\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{9891812B-5820-4A77-827E-772B200239E1}]
"(Default)" = "IProtector4"
[HKCR\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\Wow6432Node\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\protector_dll.ProtectorBho.1\CLSID]
"(Default)" = "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"
[HKCR\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\1a.0\HELPDIR]
"(Default)" = ""
[HKCR\Wow6432Node\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\protector_dll.ProtectorBho.1]
"(Default)" = "Google Toolbar Notifier BHO"
[HKCR\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}]
"(Default)" = "IProtectorLib3"
[HKCR\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\VersionIndependentProgID]
"(Default)" = "protector_dll.ProtectorLib"
[HKCR\Wow6432Node\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}]
"(Default)" = "IProtector11"
[HKCR\Wow6432Node\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}]
"(Default)" = "IProtector12"
[HKCR\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\1a.0\FLAGS]
"(Default)" = "0"
[HKCR\Wow6432Node\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\VersionIndependentProgID]
"(Default)" = "protector_dll.Protector"
[HKCR\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ProgID]
"(Default)" = "protector_dll.ProtectorBho.1"
[HKCR\protector_dll.ProtectorLib.1\CLSID]
"(Default)" = "{84798B8E-69F8-4846-9516-373C2996E2F7}"
[HKCR\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}]
"(Default)" = "IProtectorLib3"
[HKCR\Interface\{9891812B-5820-4A77-827E-772B200239E1}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"
[HKCR\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}]
"(Default)" = "IProtector"
[HKCR\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}]
"(Default)" = "IProtector6"
[HKCR\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\TypeLib]
"Version" = "1a.0"
[HKCR\ProtectorExe.ProtectorHost.1]
"(Default)" = "ProtectorHost Class"
[HKCR\Wow6432Node\Interface\{BACAB2F3-7213-4865-96E9-B6B06BF49192}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\protector_dll.Protector\CurVer]
"(Default)" = "protector_dll.Protector.1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}]
"AppName" = "GoogleToolbarNotifier.exe"
[HKCR\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\TypeLib]
"Version" = "1a.0"
[HKCR\AppID\{A97CA128-6998-4F8E-807E-8ED05FADAFB0}]
"RunAs" = "Interactive User"
[HKCR\Wow6432Node\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}]
"(Default)" = "IProtectorLib5"
[HKCR\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}]
"Policy" = "3"
[HKCR\protector_dll.ProtectorBho\CLSID]
"(Default)" = "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"
[HKCR\Wow6432Node\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]
"AppID" = "{A97CA128-6998-4F8E-807E-8ED05FADAFB0}"
[HKCR\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\LocalServer32]
"(Default)" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[HKCR\protector_dll.ProtectorBho\CurVer]
"(Default)" = "protector_dll.ProtectorBho.1"
[HKCR\Wow6432Node\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\ProtectorExe.ProtectorHost\CurVer]
"(Default)" = "ProtectorExe.ProtectorHost.1"
[HKCR\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\1a.0\0\win32]
"(Default)" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll"
[HKCR\Wow6432Node\Interface\{17484B9D-89FA-484F-912E-017D06C41FE0}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}]
"Policy" = "3"
[HKCR\Wow6432Node\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}]
"(Default)" = "IProtector12"
[HKCR\Wow6432Node\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}]
"(Default)" = "IProtectorHost2"
[HKCR\Interface\{91F39C2A-95E7-497A-A539-0AC715DC66D2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\TypeLib]
"Version" = "1a.0"
[HKCR\protector_dll.Protector.1]
"(Default)" = "Protector Class"
[HKCR\Wow6432Node\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll"
[HKCR\protector_dll.Protector]
"(Default)" = "Protector Class"
[HKCR\protector_dll.ProtectorLib\CLSID]
"(Default)" = "{84798B8E-69F8-4846-9516-373C2996E2F7}"
[HKCR\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{9D932020-700E-4F0D-8446-2872ABD8B4FA}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{315A0BBF-D55B-4FCE-833E-8BAA5B6344F6}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}]
"(Default)" = "IProtector8"
[HKCR\Wow6432Node\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}]
"(Default)" = "IProtector"
[HKCR\Wow6432Node\Interface\{2351B346-00E8-4EAC-9B75-B138B465D659}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}]
"(Default)" = "IProtector9"
[HKCR\Interface\{F1A383D4-0364-4092-82E0-C39DAE5D801D}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{DA69D3CC-7676-4A65-889F-C052977F1AA9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}]
"(Default)" = "Protector Class"
[HKCR\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}]
"(Default)" = "IProtectorLib4"
[HKCR\Interface\{5D358B5C-3415-42BB-A606-E1089B674F41}]
"(Default)" = "IProtector7"
[HKCR\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}]
"(Default)" = "IProtectorLib"
[HKCR\Wow6432Node\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{A45CDEEB-65F5-49AE-AA3E-9376F4806075}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{DD65ABB2-2628-425B-86F5-825E4A3D3AD9}]
"(Default)" = "IProtectorLib4"
[HKCR\protector_dll.ProtectorLib]
"(Default)" = "ProtectorLib Class"
[HKCR\Wow6432Node\Interface\{6EACF525-5F81-4381-9E46-DC316C39E0D2}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{AF606610-3627-4DF2-A6D5-32C6A355ACD1}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}]
"(Default)" = "IProtectorLib6"
[HKCR\Wow6432Node\Interface\{6C110376-C248-47F6-9DB2-CFCDEADB6A3E}\TypeLib]
"Version" = "1a.0"
[HKCR\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{480AD54B-C652-44B9-BCF6-746745055CD3}\TypeLib]
"Version" = "1a.0"
[HKCR\Wow6432Node\Interface\{235317AD-6EF4-4209-9354-F88869E1A3BB}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Wow6432Node\Interface\{A0CF48B9-DB91-49A5-BEE7-2FB45BA2F610}]
"(Default)" = "IProtectorLib2"
[HKCR\Wow6432Node\Interface\{1F7328B7-E25A-4527-B24B-D9173401BB89}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Wow6432Node\Interface\{91959FBB-853A-4AC7-A082-2DDF787F4CA9}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\Interface\{277FD1E8-9884-4E0A-9392-7CFF83F067B2}\TypeLib]
"Version" = "1a.0"
The process GoogleToolbarNotifier.exe:1752 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"HideUI_Throttled" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32]
"EnableConsoleTracing" = "0"
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"DetectChange_DS" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionReason" = "1"
[HKCU\Software\Google\GoogleToolbarNotifier]
"KeepDS" = "688508711"
"FirstRun" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadNetworkName" = "Network 3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"Icon_Click" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32]
"FileDirectory" = "%windir%\tracing"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "C0 12 95 66 8A 1A D0 01"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32]
"EnableFileTracing" = "0"
[HKCU\Software\Classes\Local Settings\MuiCache\2A\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecision" = "0"
[HKCU\Software\Google\GoogleToolbarNotifier]
"UpdateURL" = "http://clients1.google.com/tools/swg2/update"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKCU\Software\Google\GoogleToolbarNotifier]
"lds" = "http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"ShowUI_TrayIcon" = "0"
[HKCU\Software\Google\Google Toolbar\4.0]
"UpdateResult" = "98"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionReason" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionTime" = "C0 12 95 66 8A 1A D0 01"
[HKCU\Software\Google\GoogleToolbarNotifier]
"DefaultLanguage" = "en"
"TS" = "1418883492"
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"Bubble_Click" = "0"
"UserAllowChange_DS" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32]
"ConsoleTracingMask" = "4294901760"
[HKCU\Software\Google\GoogleToolbarNotifier]
"AppPath" = "%Program Files% (x86)\Google\GoogleToolbarNotifier"
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"ShowUI_Popup" = "0"
[HKCU\Software\Google\GoogleToolbarNotifier]
"InstalledVersion" = "5.7.9012.1008"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 40 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"LastReportTime" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecision" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKCU\Software\Google\GoogleToolbarNotifier\Temp]
"scShowTrayIcon" = "ffffffff"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32]
"MaxFileSize" = "1048576"
[HKCU\Software\Google\GoogleToolbarNotifier]
"UsageStat" = "1"
[HKCU\Software\Google\GoogleToolbarNotifier\Stats]
"ModifyUI_UserIntent" = "0"
[HKCU\Software\Google\GoogleToolbarNotifier]
"Version" = "5.7.9012.1008"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
[HKCU\Software\Google\Google Toolbar\4.0\Options]
"Extc" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"
[HKCU\Software\Google\GoogleToolbarNotifier\Temp]
"scKeepDS" = "2909cf27"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32]
"FileTracingMask" = "4294901760"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionTime" = "C0 12 95 66 8A 1A D0 01"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The PUP deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDetectedUrl"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoDetect"
[HKCU\Software\Google\GoogleToolbarNotifier]
"WantProductRestart"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKCU\Software\Google\GoogleToolbarNotifier]
"ts"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Google\GoogleToolbarNotifier]
"DSPSuspended"
"SuspendedDS"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDetectedUrl"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
The process regsvr32.exe:3096 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\ProgID]
"(Default)" = "ProtectorExe.ProtectorHost.1"
[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]
"(Default)" = "ProtectorHost Class"
[HKCR\protector_dll.ProtectorBho\CurVer]
"(Default)" = "protector_dll.ProtectorBho.1"
[HKCR\protector_dll.ProtectorLib\CurVer]
"(Default)" = "protector_dll.ProtectorLib.1"
[HKCR\AppID\{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}]
"(Default)" = "protector_dll"
[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}]
"(Default)" = "ProtectorLib Class"
[HKCR\protector_dll.ProtectorBho.1\CLSID]
"(Default)" = "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"
[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\VersionIndependentProgID]
"(Default)" = "protector_dll.ProtectorLib"
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\VersionIndependentProgID]
"(Default)" = "protector_dll.ProtectorBho"
[HKCR\protector_dll.ProtectorBho.1]
"(Default)" = "Google Toolbar Notifier BHO"
[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\protector_dll.ProtectorLib\CLSID]
"(Default)" = "{84798B8E-69F8-4846-9516-373C2996E2F7}"
[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\protector_dll.ProtectorLib.1\CLSID]
"(Default)" = "{84798B8E-69F8-4846-9516-373C2996E2F7}"
[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"
[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]
"AppID" = "{A97CA128-6998-4F8E-807E-8ED05FADAFB0}"
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32]
"(Default)" = "%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll"
[HKCR\protector_dll.ProtectorLib]
"(Default)" = "ProtectorLib Class"
[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]
"Depend" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll"
[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\ProgID]
"(Default)" = "protector_dll.ProtectorLib.1"
[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\VersionIndependentProgID]
"(Default)" = "ProtectorExe.ProtectorHost"
[HKCR\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}\LocalServer32]
"(Default)" = "%Program Files% (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"
[HKCR\protector_dll.ProtectorLib.1]
"(Default)" = "ProtectorLib Class"
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ProgID]
"(Default)" = "protector_dll.ProtectorBho.1"
[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\TypeLib]
"(Default)" = "{C7CB459A-7261-4AE6-A87A-17041EE98A40}"
[HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
"(Default)" = "Google Toolbar Notifier BHO"
[HKCR\protector_dll.ProtectorBho]
"(Default)" = "Google Toolbar Notifier BHO"
[HKCR\AppID\protector_dll.DLL]
"AppID" = "{96FBC13C-8214-4100-88E0-FF74D7A1CB4D}"
[HKCR\protector_dll.ProtectorBho\CLSID]
"(Default)" = "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"
[HKCR\CLSID\{84798B8E-69F8-4846-9516-373C2996E2F7}\InprocServer32]
"(Default)" = "%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll"
The process SearchWithGoogleUpdate_C993F490EED40C1B.exe:2360 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Google\GoogleToolbarNotifier]
"Version" = "5.7.9012.1008"
"ID" = "e169e429ea1b47a2bac23449a7cbdad6"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files% (x86)\Google\Update\1.3.24.15, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\327c54aa\python.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\327c54aa\, , \??\%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008,"
[HKCU\Software\Google\GoogleToolbarNotifier\Temp]
"ust" = "100"
[HKLM\SOFTWARE\Wow6432Node\Google\GoogleToolbarNotifier\Clients]
"ietb" = "0"
[HKLM\SOFTWARE\Wow6432Node\Google\GoogleToolbarNotifier]
"brand" = "NCHD"
The PUP deletes the following registry key(s):
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Dropped PE files
| MD5 | File path |
|---|---|
| 5d4bc124faae6730ac002cdb67bf1a1c | c:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe |
| 1223e7efa6dda842c37985a62f10001f | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleCld_187F9D811452062B.dll |
| 6fffd47eb8cc3a6ca44619f16a7d0ae6 | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_8E471B27054D20F5.dll |
| 96af87c526ec7a8f32dc3f1f2a63a4a7 | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_64_F8ED9B719A89F8EF.dll |
| d2d2a0e0ecd8a2ea750d6be34337d00d | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_0A4439FF67F61065.dll |
| 4c401fcc6d0c95e1a5d989e403e18f2f | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe |
| e8b7fd67da14a7be57a5cb80e3139e60 | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_32_52E818EF81C83A9B.exe |
| 211f96eb417ff837a70f5130e63a1a45 | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_64_4D9709C1FA1422BA.exe |
| 81590207a8efab40bafe743d8073eb9b | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbar_32_365102BD7F6C8091.dll |
| 30c83447379d5955e992bd43be8d115e | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbar_64_54BD4059920ABC8A.dll |
| 1f2afab903c0d48480561f3bbd4539c2 | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleUpdateSetup_5CC4B0F53D73AD88.exe |
| 4beaf576cb43358c4db9f45ac7c09cdb | c:\Program Files (x86)\Google\Google Toolbar\Component\GoogleUpdaterService_B33FC4DD36A473C6.exe |
| 4b78e9ae06f7c310e30ee2fa5b7ebc3c | c:\Program Files (x86)\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C993F490EED40C1B.exe |
| e8b7fd67da14a7be57a5cb80e3139e60 | c:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe |
| 211f96eb417ff837a70f5130e63a1a45 | c:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_64.exe |
| 81590207a8efab40bafe743d8073eb9b | c:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll |
| 30c83447379d5955e992bd43be8d115e | c:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll |
| 13d401e46ad0c5a8442fc57fadbf5751 | c:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gth.dll |
| aeb43d2a8158fb535f48f440cc266953 | c:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll |
| d3088606c810a355eae9b9056c9b5392 | c:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll |
| 5d61be7db55b026a5d61a3eed09d0ead | c:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe |
| 5a6381e0afb4e0b9fd318c1c76efe9dc | c:\Program Files (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\0.0.0.0\googletoolbarinstaller_en_signed.exe |
| 5a6381e0afb4e0b9fd318c1c76efe9dc | c:\Program Files (x86)\Google\Update\Install\{9ED6278D-3499-43D2-BA30-93D0A1DF8374}\googletoolbarinstaller_en_signed.exe |
| 6154f737535b3dbea39c63223d52f5b8 | c:\Program Files (x86)\NCH Software\Components\NCHToolbars\google\NCH_GoogleToolbar.exe |
| c9d7f12d4b1567ef2b823a9f872b3c9d | c:\Program Files (x86)\NCH Software\Scribe\hookappcommand.dll |
| 361881c965f3b2f45f45de2979f6b7fe | c:\Program Files (x86)\NCH Software\Scribe\scribe.exe |
| dd481c837b6303531af365d95637692f | c:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
TPAutoConnSvc.exe:1776
GoogleUpdate.exe:1160
GoogleUpdate.exe:3620
GoogleUpdate.exe:3708
GoogleUpdate.exe:2608
GoogleUpdate.exe:1440
GoogleUpdaterService.exe:3320
GoogleUpdaterService.exe:1448
googletoolbarinstaller_en_signed.exe:2364
GoogleUpdaterService_B33FC4DD36A473C6.exe:2448
scribe.exe:476
scribe.exe:2252
scribe.exe:2676
%original file name%.exe:1960
GoogleUpdateSetup_latest.exe:1664
nchsetup.exe:3836
GoogleToolbarManager_8CA8B41417E66DEB.exe:3948
GoogleToolbarManager_8CA8B41417E66DEB.exe:3128
GoogleToolbarManager_8CA8B41417E66DEB.exe:1808
GoogleToolbarNotifier.exe:1940
GoogleToolbarNotifier.exe:1752
regsvr32.exe:3096
NCH_GoogleToolbar.exe:1532
SearchWithGoogleUpdate_C993F490EED40C1B.exe:2360 - Delete the original PUP file.
- Delete or disinfect the following files created/modified by the PUP:
%Program Files% (x86)\Google\Update\Install\{9ED6278D-3499-43D2-BA30-93D0A1DF8374}\googletoolbarinstaller_en_signed.exe (38734 bytes)
C:\Windows\Temp\guiACB2.tmp (15 bytes)
%Program Files% (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\0.0.0.0\googletoolbarinstaller_en_signed.exe (38249 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdate.dll (835 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_en.dll (28 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_32_52E818EF81C83A9B.exe (620 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbar.7.5.5111.1712.manifest.xml (36 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_0A4439FF67F61065.dll (2 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C993F490EED40C1B.exe (50 bytes)
C:\Windows\System32\config\SOFTWARE (59603 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_64_F8ED9B719A89F8EF.dll (489 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_8E471B27054D20F5.dll (149 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbar_32_365102BD7F6C8091.dll (390 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_64_4D9709C1FA1422BA.exe (801 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleCld_187F9D811452062B.dll (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleToolbarInstaller2.log (43972 bytes)
C:\$Directory (672 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe (50 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleToolbar_64_54BD4059920ABC8A.dll (514 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleUpdateSetup_5CC4B0F53D73AD88.exe (1480 bytes)
%Program Files% (x86)\Google\Google Toolbar\Component\GoogleUpdaterService_B33FC4DD36A473C6.exe (390 bytes)
C:\Windows\System32\config\SOFTWARE.LOG1 (54812 bytes)
%Program Files% (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (390 bytes)
%Program Files% (x86)\NCH Software\Components\NCHToolbars\google\NCH_GoogleToolbar.exe (382879 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_scribe_rl_adm (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\NCH Software\Scribe\Status\s0000000.sta (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\NCH Software\Scribe\Current\Welcome.wav (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\NCH Software\Scribe\Current\Welcome.dat (832 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchdata.dat (7384 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchsetup.cab (647 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchdata.cab (270 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\n1s\nchsetup.exe (29704 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_mr.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_lv.dll (30 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_fi.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\npGoogleUpdate3.dll (838 bytes)
%Program Files% (x86)\GUM8F82.tmp\GoogleUpdateHelper.msi (25 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_sw.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\GoogleCrashHandler64.exe (550 bytes)
%Program Files% (x86)\GUM8F82.tmp\GoogleUpdateBroker.exe (59 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_nl.dll (30 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_ta.dll (30 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_tr.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_te.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_ml.dll (31 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_ms.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_pl.dll (30 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_es.dll (31 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_bn.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_ur.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_iw.dll (26 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_gu.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_sl.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\psuser.dll (159 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_el.dll (30 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_fil.dll (30 bytes)
%Program Files% (x86)\GUM8F82.tmp\GoogleUpdate.exe (234 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_ja.dll (24 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_et.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_es-419.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_pt-BR.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_sk.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_da.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_fr.dll (30 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_de.dll (31 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_kn.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_uk.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\psmachine.dll (159 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_no.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_th.dll (27 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_bg.dll (30 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_pt-PT.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_vi.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_sv.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_lt.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_zh-CN.dll (21 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_ko.dll (23 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_hu.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_zh-TW.dll (21 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_ar.dll (26 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_it.dll (30 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_is.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_ro.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_en-GB.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_hi.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_hr.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_fa.dll (27 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_id.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\GoogleCrashHandler.exe (212 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_am.dll (25 bytes)
%Program Files% (x86)\GUM8F82.tmp\GoogleUpdateOnDemand.exe (59 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_sr.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\GoogleUpdateSetup.exe (5441 bytes)
%Program Files% (x86)\GUT8F83.tmp (4 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_cs.dll (28 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_ca.dll (29 bytes)
%Program Files% (x86)\GUM8F82.tmp\goopdateres_ru.dll (28 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Video Capture Software.lnk (1 bytes)
C:\ProgramData\NCH Software\Scribe\Current\Welcome.wav (34532 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Burn CD, DVD or Blu-Ray.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\Favorites\NCH Software Download Site.lnk (310 bytes)
%Program Files% (x86)\NCH Software\Scribe\hookappcommand.dll (6988 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Zip File Compression.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\MixPad MultiTrack Mixer.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\WavePad Sound Editor.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Rip CD Ripper.lnk (1 bytes)
%Program Files% (x86)\NCH Software\Scribe\scribe.exe (13171 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe Transcription Software.lnk (1 bytes)
C:\Users\Public\Desktop\Express Scribe Transcription Software.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Dictate Recorder.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dictation and Transcription Programs\Typing Expander Software.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Switch Sound File Converter.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Graphics File Converter.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\VideoPad Video Editor.lnk (1 bytes)
C:\ProgramData\NCH Software\Scribe\Current\Welcome.dat (96 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Invoicing Software.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Classic FTP Software.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Prism Video File Format Converter.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\RecordPad Sound Recorder.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Doxillion Document Converter.lnk (1 bytes)
C:\Users\Public\Desktop\NCH Suite.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Accounting Software.lnk (1 bytes)
C:\ProgramData\NCH Software\Scribe\Status\Template.doc (8844 bytes)
%Program Files% (x86)\NCH Software\Scribe\scribesetup_v5.69.exe (7345 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\SoundTap Streaming Recorder.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dictation and Transcription Programs\Dictation Recorder.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dictation and Transcription Programs\Transcription Software.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleToolbarInstaller1.log (2418 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (1281 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (673 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (1425 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarHelper_signed.msi (28 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarUser_64.exe (2321 bytes)
%Program Files% (x86)\Google\Google Toolbar\GoogleToolbarHelperPatch_signed.msp (125 bytes)
C:\ProgramData\Google\Custom Buttons\toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML (12 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (1 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll (151 bytes)
%Program Files%\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (348 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nse8F35.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\GoogleUpdateSetup_latest.exe (25250 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gth.dll (49 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (79 bytes)
%Program Files% (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\Readme.url (212 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Static Analysis
VersionInfo
Company Name: NCH Software
Product Name: ExpressScribe
Product Version:
Legal Copyright: NCH Software
Legal Trademarks:
Original Filename:
Internal Name: Scribe
File Version: 5.69
File Description: Express Scribe Transcription Software
Comments:
Language: English (Australia)
Company Name: NCH SoftwareProduct Name: ExpressScribeProduct Version: Legal Copyright: NCH SoftwareLegal Trademarks: Original Filename: Internal Name: ScribeFile Version: 5.69File Description: Express Scribe Transcription SoftwareComments: Language: English (Australia)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .rdata | 4096 | 2338 | 2560 | 2.76389 | a322bee8b6315dcdf55664104eb8aed4 |
| .data | 8192 | 1596 | 2048 | 3.48789 | cc10a049565dcd8a13f7ded9f6d7749b |
| .rsrc | 12288 | 926180 | 926208 | 5.54419 | f66a72f3858d6369e9336af805d17452 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
| URL | IP |
|---|---|
| hxxp://audiochannel.net/versions/components/tb_google_row.dat | |
| hxxp://audiochannel.net/components/toolbars/NCH_GoogleToolbar.exe | |
| hxxp://tools.l.google.com/dl/toolbar/t7/data/7.5.5111.1712/googletoolbarinstaller_en_signed.exe | |
| hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7e5273f67c02628d | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CECkSxwyaK4o+9vYHRmLWi40= | |
| hxxp://tools.l.google.com/tools/swg2/update?type=c&as=swg&os=win&osv=6.1.7601&hl=en&ie=10.0.9200.16521&ds=0&pds=0&su=0&hpi=-1&brand=NCHD&pa=9&cl=1&tbv=&id=e169e429ea1b47a2bac23449a7cbdad6eb587e946e&from=&to=5.7.9012.1008 | |
| hxxp://tools.l.google.com/tools/pso/ping?as=tbin&gu=pi&mode=3&sin=1&ein=0&version=7.5.5111.1712&brand=NCHD&hl=en&tbiv=7.5.5111.1712&time=1418883492&fitime=1418883492&browser=9.10.9200.16521&osver=6.1&ossp=1.0&osarch=64&ext=EXE&id=AB0A80C9D2FDA747740FD9725D3094D66CC61iHFEF | |
| hxxp://a1363.g.akamai.net/pki/crl/products/microsoftrootcert.crl | |
| hxxp://a1363.g.akamai.net/pki/crl/products/WinPCA.crl | |
| hxxp://a1363.g.akamai.net/pki/crl/products/MicrosoftTimeStampPCA.crl | |
| hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab?03c3bc9a7f722e83 | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= | |
| hxxp://e6845.ce.akamaiedge.net/pca3.crl | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= | |
| hxxp://a1363.g.akamai.net/pki/crl/products/MicCodSigPCA_08-31-2010.crl | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS+zcBkvzl4= | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECEGpWCCD6PprY5UEXNLHUCtU= | |
| hxxp://clients1.google.com/tools/swg2/update?type=c&as=swg&os=win&osv=6.1.7601&hl=en&ie=10.0.9200.16521&ds=0&pds=0&su=0&hpi=-1&brand=NCHD&pa=9&cl=1&tbv=&id=e169e429ea1b47a2bac23449a7cbdad6eb587e946e&from=&to=5.7.9012.1008 | 173.194.113.200 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= | 23.43.139.27 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= | 23.43.139.27 |
| hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl | 88.221.132.244 |
| hxxp://www.audiochannel.net/versions/components/tb_google_row.dat | 66.39.83.117 |
| hxxp://dl.google.com/dl/toolbar/t7/data/7.5.5111.1712/googletoolbarinstaller_en_signed.exe | 173.194.113.193 |
| hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECEGpWCCD6PprY5UEXNLHUCtU= | 23.43.139.27 |
| hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl | 88.221.132.244 |
| hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl | 88.221.132.244 |
| hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?03c3bc9a7f722e83 | 88.221.132.223 |
| hxxp://clients1.google.com/tools/pso/ping?as=tbin&gu=pi&mode=3&sin=1&ein=0&version=7.5.5111.1712&brand=NCHD&hl=en&tbiv=7.5.5111.1712&time=1418883492&fitime=1418883492&browser=9.10.9200.16521&osver=6.1&ossp=1.0&osarch=64&ext=EXE&id=AB0A80C9D2FDA747740FD9725D3094D66CC61iHFEF | 173.194.113.200 |
| hxxp://www.audiochannel.net/components/toolbars/NCH_GoogleToolbar.exe | 66.39.83.117 |
| hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl | 88.221.132.244 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= | 23.43.139.27 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= | 23.43.139.27 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CECkSxwyaK4o+9vYHRmLWi40= | 23.43.139.27 |
| hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS+zcBkvzl4= | 23.43.139.27 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= | 23.43.139.27 |
| hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7e5273f67c02628d | 88.221.132.223 |
| hxxp://crl.verisign.com/pca3.crl | 23.43.133.163 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= | 23.43.139.27 |
| tools.google.com | 173.194.113.198 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Cache-Control: max-age = 812
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 23 Oct 2014 05:05:32 GMT
If-None-Match: "a2f3ff97eeecf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Thu, 23 Oct 2014 05:05:32 GMT
ETag: "a2f3ff97eeecf1:0"
Cache-Control: max-age=900
Date: Thu, 18 Dec 2014 06:18:38 GMT
Connection: keep-alive
....
GET /pki/crl/products/WinPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 06 Oct 2014 05:06:02 GMT
If-None-Match: "3e1c83923e1cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Mon, 06 Oct 2014 05:06:02 GMT
ETag: "3e1c83923e1cf1:0"
Cache-Control: max-age=900
Date: Thu, 18 Dec 2014 06:18:38 GMT
Connection: keep-alive
....
GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 04 Oct 2014 05:06:12 GMT
If-None-Match: "58cddbea90dfcf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Sat, 04 Oct 2014 05:06:12 GMT
ETag: "58cddbea90dfcf1:0"
Cache-Control: max-age=900
Date: Thu, 18 Dec 2014 06:18:38 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/pkix-crl..Last-Modified: Sat, 04 Oct 2014 05:06:12 GMT..ETag: "58cddbea90dfcf1:0"..Cache-Control: max-age=900..Date: Thu, 18 Dec 2014 06:18:38 GMT..Connection: keep-alive..
GET /versions/components/tb_google_row.dat HTTP/1.0
Host: VVV.audiochannel.net
HTTP/1.1 404 Not Found
Date: Thu, 18 Dec 2014 06:17:41 GMT
Server: Apache/2.2.29
Content-Length: 235
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /versions/components/tb_google_row.dat was not found on this server.</p>.</body></html>...
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?03c3bc9a7f722e83 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 12 Mar 2014 20:20:10 GMT
If-None-Match: "0b96c77303ecf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: application/octet-stream
Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT
Accept-Ranges: bytes
ETag: "805a83f2b9cecf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 56928
Date: Thu, 18 Dec 2014 06:18:39 GMT
Connection: keep-alive
MSCF....`.......,...................I.................,E.Y .authroot.stl..Y-..8..CK...<T...g.v!M.d..f.%d..}K..5..F. ...T..%.,YJ.,!T......_..x.<=O.....yy....;3..>.|..~..\.....|......;..8..~.za...."A...q.......g..m......<X........j"I........!..-w.....w....P...H..(.?}..2.N. .u..a. ...=.C..D.F>rC.. ..|).=.. ..3b.8H.M...(...u8.%...W.g...\YB.m:.....dE.........V....$....Dn:....0...S."...o..q.....K...I..K...(x%....>A.R...`.0 .........<`L0mp...%....y.....g.n...R0Op..<..,....`0$z.@..&.x"....T..H...<........~..E..".....<<.\B(.....................@.....L.........KNAy8/"...f.......k..Jm7j....R.5q....Rz..!@...].......Y.[........4.. .D8..&...t.J^O..Q.._..1.J.m5<'k.,....%T....i.\.;.;q..S./ 8.?Bu.............}D.Q....L....*..[.."e......15m..._.0.M........#..v!..<...@..?sc.y....*.....tX[........{.W4.Q...^u@..*..QP.......~.L9N....2r...4.....B..-\(...b.d...K...O.8..Un.......V.<.......A...V.....(..s..f..q.{N0.hS.,..;M.|G|.@.M.._.....7._6...C.0...A;L....%...M=Y.....f.JV.(.5.....0..?*...KZ....jM...8.6U...#...ew.?..?...........WE.Or..O>..{.'W2.........3m.O.u..Z8....H4@.w}.o:?~....]<!...%....}@.d...L.p.a.g ..K."..N1!%..S.bT.H.-.....e..`.0$...0t..DX..{.....#./...8.5..M...T.......D......V\C.zy.....3E:..>.{..).QW......q....9..n..1....8%,.........r.p@.>. ...Q.?.p..7.?..7...&..!.........`. .=....Sf..q.l.A.....L...t.}g..;...f....=.e.~.z....C..*R....H-..=...f..(t'.."....F...g._....n.J..U.4vr`}.....1..o@.....@.#...R. L8....z..].|......3..y..-./....K..6{...s.<R`.}6....?.......-..@.g..S....
<<< skipped >>>
GET /pca3.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.verisign.com
HTTP/1.1 200 OK
Server: Apache
ETag: "8f6b3bcd9bb64555001fba64f5b01b92:1411517716"
Last-Modified: Wed, 24 Sep 2014 00:15:16 GMT
Date: Thu, 18 Dec 2014 06:22:11 GMT
Content-Length: 933
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..140922000000Z..141231235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2....{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N....* ....010207212031Z0!..N....-.1Gq.@...C..040401175251Z0!..Y......w`G........070411175657Z0!..Z`..H.@B....Z.*q..080403172017Z0!..l....I...Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1..7<.....e..010207211822Z0...*.H............M....s#..Lo...TU...tM.3...'.U......:Z...w.x.=....K.0;...!....D....9...,!....B.t. <..........-.....k.$<i{O.<.E...*.......Ow _..J.HTTP/1.1 200 OK..Server: Apache..ETag: "8f6b3bcd9bb64555001fba64f5b01b92:1411517716"..Last-Modified: Wed, 24 Sep 2014 00:15:16 GMT..Date: Thu, 18 Dec 2014 06:22:11 GMT..Content-Length: 933..Connection: keep-alive..Content-Type: application/pkix-crl..0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..140922000000Z..141231235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A....a.nF`.P....0209231715
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1762
content-transfer-encoding: binary
Cache-Control: max-age=572801, public, no-transform, must-revalidate
Last-Modified: Wed, 17 Dec 2014 21:24:36 GMT
Expires: Wed, 24 Dec 2014 21:24:36 GMT
Date: Thu, 18 Dec 2014 06:18:03 GMT
Connection: keep-alive
0..........0..... .....0......0...0......;O}a.!..u...au..eUNp..20141217212436Z0s0q0I0... ...................B.>.I.$&.....e......0..C9...313..R...%V.......K3.....20141217212436Z....20141224212436Z0...*.H.................X2.I...~.."...c.6U.....&H."....u......F..Y{.$.q......5....H......6....:..z.d,..ct.. ../.....~......V.-.#. j2x.t...>...I.@p.Tk.....PX!{WR.....-'..~...p..1*M.oT.rV.I/.c..........l.>.}.I....@Z.8,.n..[.5.y...x.$s.O.?.....D..1...v...1.E7#m=m ..........W........0...0...0...........2...'U.BM...g.B0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G50...141202000000Z..151216235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G5 OCSP Responder Certificate 30.."0...*.H.............0...............2&..PL...,..2....:..tH...`JG.%..*...s.c%...?t..J..0.q....~..k@X.l.i....0..kk..h.9"1.5?..s.....3[...u......]...R0..Z}....l..I.Y.....j\H.q...#.uw.4qz.#.J.....@2$"..$l.B.......D.ye..(..2.........@...... ...."... E..0M,..b{.^..s'....f.6.pr4.J........'j..........0...0...U.......0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U...........0... .....0......0!..U....0...0.1.0...U....TGV-B-2760...U......;O}a.!..u...au..eUNp0...U.#..0.....e......0..C9...3130...*.H.............(.&..Dgr.Ve..#...5
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CECkSxwyaK4o+9vYHRmLWi40= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=455079, public, no-transform, must-revalidate
Last-Modified: Tue, 16 Dec 2014 12:39:32 GMT
Expires: Tue, 23 Dec 2014 12:39:32 GMT
Date: Thu, 18 Dec 2014 06:18:08 GMT
Connection: keep-alive
0..........0..... .....0......0...0......u\..3Oo?U...H.....O!..20141216123932Z0s0q0I0... ...................F....0.yV......{&.K......&.......).... .>...Fb.......20141216123932Z....20141223123932Z0...*.H.............q...^..g.V.~..1[...'...Y....j4....4.N.~p.c6F...q{=.p.T.A.~.}&..[....A.i...@.9...{...}.$U.9$.......@.%..Ka.i6.... C....J.m[.o.|...S.r.'W.......qD.0.]9...@l.ww....m.,j._.uc........u'Q9i{7a.m..8....H.f...~.5..V...F3.\.ie`/....ZD....".hJ[..%......2...d......A....0...0...0........../...nj0...}..i..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at https://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 CA0...141204000000Z..150304235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1VeriSign Class 3 Code Signing 2010 OCSP Responder0.."0...*.H.............0.........4.4...........o....?..f.........I.!.b.L...L..U.........rM.,.....=..cR4d.~*..k..x......=.WT.<.A2n1.qZyM.M..Q_...8....9....d.... ...'.........h..Z..I...(.b.jK..DO.ra..gb..j..A.(....mrzU.w.......Bv...l.:s..L....y.....u..n.)W......Y!....Q...,.i|.....:.Mu..DD1.........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-24600...*.H..............pjd....VpE.6.tO..@.....7.=.. ...........hi.......>....Q.?
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=504753, public, no-transform, must-revalidate
Last-Modified: Wed, 17 Dec 2014 02:34:46 GMT
Expires: Wed, 24 Dec 2014 02:34:46 GMT
Date: Thu, 18 Dec 2014 06:22:13 GMT
Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..20141217023446Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5.......l$.%t...............20141217023446Z....20141224023446Z0...*.H................!..4./....*Dj...$."......1.".x..C...}.o.u.-...:..V..IG.p.......G@."..~...c.....s.5sf...C;.`C.S~.....v...H..w..V...oo.z7.}C...m...8.-t..|?32.V...Q).txG.........Y.|N...l.#..;.......&.T.je.=.C?..f...T?....(.iv.})_q.....R.'0@...uW.y..8),.....J...7.............#0...0...0..........<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at https://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.........{(..t....2.Vf.....&;6).i*FK....W@....F....jnb.w._p.E.6.|.mk....(..........p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H......
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1453
content-transfer-encoding: binary
Cache-Control: max-age=484239, public, no-transform, must-revalidate
Last-Modified: Tue, 16 Dec 2014 20:49:17 GMT
Expires: Tue, 23 Dec 2014 20:49:17 GMT
Date: Thu, 18 Dec 2014 06:22:11 GMT
Connection: keep-alive
0..........0..... .....0......0...0......T3t.%..O.E..~..F.=....20141216204917Z0s0q0I0... ........H.dI.....3..^B...d6Q....ZL%."..1.m..._)..a..eR&.....Y.)..".\....20141216204917Z....20141223204917Z0...*.H..................8*.6....l...7.y.......P.j..(.V"L........]/.o%.P..A.Z.Etv...C.....{......BC|R..tD..T. ....IbA......`...7..`....).. |Q\.....|~...U..z,m.@...).`.Z.8.Trky. ..r...TUg.h*....Z.&......,8r.../.2..,E....V..D..}'.]....8Lt...........}Jc..s{..|.!..b_.^..._..E`.......0...0...0..3......./...b.v..-....l}0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority0...141202000000Z..151216235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G1 OCSP Responder Certificate 30.."0...*.H.............0..........'......Y..x.3B1.7..Q..`..d.. ....s..t.$a.....j2R.{ ,*..c{.3.....H..3-; ).....0._...*..9M..V...... ...{m...-.......)..tR..{D....~...M...T..pS.p..^|o....S..v.).).....r.v.qo$......C.V!....@.h#qh...u1T.].G0.]E...=._...... ........TE...Sa.s4........r...3.............0..0...U....0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U........0... .....0......0!..U....0...0.1.0...U....TGV-B-2730...*.H.............$..H......oU....Y!.z{*.V.M..u.._z..3>.. 0....3..m.....e.......a..D...........e..F6:.y.....di.......<y.Z.......x}..q.2....UZ1 :,....
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=500183, public, no-transform, must-revalidate
Last-Modified: Wed, 17 Dec 2014 01:14:37 GMT
Expires: Wed, 24 Dec 2014 01:14:37 GMT
Date: Thu, 18 Dec 2014 06:22:11 GMT
Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..20141217011437Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5........M.s.Q~...@?j.......20141217011437Z....20141224011437Z0...*.H.............@.v..Q.[k.2......."7..".m...".=....z.C.........(....F-Q\#.....P.....;.....":W.......'(........3...r.....OB..............JV5...7X.*..QM....Uf...6.....g.p.#....98..&...<.......I.@.|../!.qT.....W..qB..o.x.^(..3.#....}.....o...Lq...Y.~...X.\.?......~..opF.u......#0...0...0..........<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.........{(..t....2.Vf.....&;6).i*FK....W@....F....jnb.w._p.E.6.|.mk....(..........p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H...
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS+zcBkvzl4= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1503
content-transfer-encoding: binary
Cache-Control: max-age=487560, public, no-transform, must-revalidate
Last-Modified: Tue, 16 Dec 2014 21:44:34 GMT
Expires: Tue, 23 Dec 2014 21:44:34 GMT
Date: Thu, 18 Dec 2014 06:22:17 GMT
Connection: keep-alive
0..........0..... .....0......0...0......&Km...."....}....,.c..20141216214434Z0s0q0I0... ........0..k....&..p..^.X.....{[E....z.1..j..F.WHP..G.Mxs..../.p./.^....20141216214434Z....20141223214434Z0...*.H.............*M..q."...|l......R...L....X.Kmf.C..=..`.Dq.l.iO..../...g-.^...y..f*f..d..L.....~5.i..O2.8..........45...e{;p....w1Li.......,K.K...r.....,X8.^.$ld...h.j..(`..uG$^...#....Xl.5...*f......h.v...vp9..(......%1..#.z?r4q`:.....I.S.b..p.t.1...E......`..9...%.y.......0...0...0............I...*....^n...0...*.H........0..1.0...U....US1.0...U....thawte, Inc.1(0&..U....Certification Services Division1806..U.../(c) 2006 thawte, Inc. - For authorized use only1.0...U....thawte Primary Root CA0...141202000000Z..151216235959Z0_1.0...U....US1.0...U....thawte, Inc.1907..U...0thawte Primary Root OCSP Responder Certificate 30.."0...*.H.............0.........x...F83..,.D.,2D.;JGc.|_.k.....B.7.....G}.M.s.....S.i.Uu.h.Aq..v...4:l..U.......T7l...~vl...r....{*..........V.o..8|.B..^.a.. ...z....x..s...\[Y....<....'> ..YC..7.zVk.$...o3..kao]c...>C./bPX.......I..Oc.....NN......g.....,/..]......qN.....V!<.3.)...y#.........i0g0...U.%..0... .......0... .....0......0...U.......0.0...U...........0!..U....0...0.1.0...U....TGV-B-2770...*.H................lt..\..z. ..N.f.!.S5d?J.&....r...D........L.`.s.p...HC.L.8f... .........GA7......P..Z.%.../............z.n.6~I...].).....W...W\|.uya..:...^...hW..7.Z.uc.'....:.xL...HS.....>.........5......%....3S....h........U....o.C.\.t.....G.._.C0(l.E9..6UTxg.gF ..;.....
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECEGpWCCD6PprY5UEXNLHUCtU= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1396
content-transfer-encoding: binary
Cache-Control: max-age=556432, public, no-transform, must-revalidate
Last-Modified: Wed, 17 Dec 2014 16:54:28 GMT
Expires: Wed, 24 Dec 2014 16:54:28 GMT
Date: Thu, 18 Dec 2014 06:22:17 GMT
Connection: keep-alive
0..p......i0..e.. .....0.....V0..R0...............w/.|`....a...20141217165428Z0s0q0I0... ........l....r.vdv0..*.~Y..X....e?z.4..G.L.......q..jV. .>...A.4........20141217165428Z....20141224165428Z0...*.H................_.9..(.l.N....Z.pMM...V.*.*...2....3.q..ur..{.b...W..(%p[.c3Q...Y=..g..Y...R....Lh!.I...w..;.0.;b..9......i.y...M.QY.V..c...U........|..e4.s.Iv....jY.M.....,B...k.....v....TK..ol.N.i.X..*H...{.,.....].C.aR.." .q.|.gdO.r...Oe@M......I.1...
GET /tools/swg2/update?type=c&as=swg&os=win&osv=6.1.7601&hl=en&ie=10.0.9200.16521&ds=0&pds=0&su=0&hpi=-1&brand=NCHD&pa=9&cl=1&tbv=&id=e169e429ea1b47a2bac23449a7cbdad6eb587e946e&from=&to=5.7.9012.1008 HTTP/1.1
Accept: */*
User-Agent: SearchWithGoogle
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: text/plain
Date: Thu, 18 Dec 2014 06:18:12 GMT
Expires: Thu, 18 Dec 2014 06:18:12 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 80:quic,p=0.002
Transfer-Encoding: chunked
16..rlz: 1R______enUA619..0..HTTP/1.1 200 OK..Content-Type: text/plain..Date: Thu, 18 Dec 2014 06:18:12 GMT..Expires: Thu, 18 Dec 2014 06:18:12 GMT..Cache-Control: private, max-age=0..X-Content-Type-Options: nosniff..X-Frame-Options: SAMEORIGIN..X-XSS-Protection: 1; mode=block..Server: GSE..Alternate-Protocol: 80:quic,p=0.002..Transfer-Encoding: chunked..16..rlz: 1R______enUA619..0..
GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Thu, 13 Nov 2014 06:02:42 GMT
Accept-Ranges: bytes
ETag: "88cab6f7ffcf1:0"
Server: Microsoft-IIS/8.5
VTag: 279123815300000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 554
Cache-Control: max-age=900
Date: Thu, 18 Dec 2014 06:22:16 GMT
Connection: keep-alive
0..&0......0...*.H........0y1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Code Signing PCA..141112173206Z..150211055206Z.a0_0...U.#..0..........X..7.3...L...0... .....7.........0...U......W0... .....7......150210174206Z0...*.H................].`...D..9.>LO.ey...Qx%.^.P.& ...D.......b}.K..[.....5.m....).....H..6R....G/ju.........:..A.#.9!......D5...|".w.x..=.u..X6.7{..).XN....g......B.8.!&...........<7fS$..........t<X)%.b(0.L@..i..Kn.......fX... ,...K\....U1cp).........y.T..?rm.t..Y.}.E..-@...
GET /tools/pso/ping?as=tbin&gu=pi&mode=3&sin=1&ein=0&version=7.5.5111.1712&brand=NCHD&hl=en&tbiv=7.5.5111.1712&time=1418883492&fitime=1418883492&browser=9.10.9200.16521&osver=6.1&ossp=1.0&osarch=64&ext=EXE&id=AB0A80C9D2FDA747740FD9725D3094D66CC61iHFEF HTTP/1.1
User-Agent: Google Toolbar installer
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Thu, 18 Dec 2014 06:18:12 GMT
Expires: Thu, 18 Dec 2014 06:18:12 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 80:quic,p=0.002
Transfer-Encoding: chunked
2..ok..0..
GET /components/toolbars/NCH_GoogleToolbar.exe HTTP/1.0
Host: VVV.audiochannel.net
HTTP/1.1 200 OK
Date: Thu, 18 Dec 2014 06:17:41 GMT
Server: Apache/2.2.29
Last-Modified: Fri, 17 May 2013 06:15:28 GMT
ETag: "befd0-4dce3e8c8c000"
Accept-Ranges: bytes
Content-Length: 782288
Connection: close
Content-Type: application/octet-stream
X-Pad: avoid browser bug
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#yd.B.7.B.7.B.7..z7.B.7..l7.B.7.B.7.B.7.:.7.B.7...7.B.7.:.7.B.7Rich.B.7........................PE..L...?..I.................h...@...B...4............@.................................z................................................................................................................................................................text....g.......h.................. ..`.rdata...............l..............@..@.data...............................@....ndata...................................rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H......G..H.P.u..u..u...|.@..K...SV.5..G.W.E.P.u.....@..e...E..E.P.u.....@..}..e....D.@........FR..VV..U... M..........M........E...FQ.....NU..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.P.u.....@..u....E..9}...n....~X.te.v4..L.@..E...tU.}.j.W.E......E.......P.@..vXW..T.@..u..5X.@.W..h ....E..E.Pj.h.2G.W....@..u.W...u....E.P.u.....@._^3.[.....L$....G...i. @...T.....tUVW.q.3.;5..G.sD..i. @...D..S.....t.G.....t...O..t .....u...3....3...F. @..;5..G.r.[_^...U..QQ.U.
<<< skipped >>>
GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7e5273f67c02628d HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 03 Jul 2014 23:34:12 GMT
If-None-Match: "0b2464b1797cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT
ETag: "0b2464b1797cf1:0"
Cache-Control: max-age=86400
Date: Thu, 18 Dec 2014 06:17:57 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT..ETag: "0b2464b1797cf1:0"..Cache-Control: max-age=86400..Date: Thu, 18 Dec 2014 06:17:57 GMT..Connection: keep-alive..
HEAD /dl/toolbar/t7/data/7.5.5111.1712/googletoolbarinstaller_en_signed.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: dl.google.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 5030744
Content-Type: application/x-msdos-program
Etag: "416d3"
Expires: Thu, 18 Dec 2014 22:17:50 PST
Last-Modified: Tue, 25 Mar 2014 23:15:00 GMT
Server: downloads
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Thu, 18 Dec 2014 06:17:50 GMT
Alternate-Protocol: 80:quic,p=0.002
....
GET /dl/toolbar/t7/data/7.5.5111.1712/googletoolbarinstaller_en_signed.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 25 Mar 2014 23:15:00 GMT
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: dl.google.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 5030744
Content-Type: application/x-msdos-program
Etag: "416d3"
Expires: Thu, 18 Dec 2014 22:17:50 PST
Last-Modified: Tue, 25 Mar 2014 23:15:00 GMT
Server: downloads
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Date: Thu, 18 Dec 2014 06:17:50 GMT
Alternate-Protocol: 80:quic,p=0.002
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R.&.3eu.3eu.3eu...u.3eu...u:3eu...u.3eu.3du.2eu...u.3eu...u.3eu.3eu.3eu...u.3euRich.3eu........................PE..L....F.S.................z..........9u............@...................................L...@.................................|...H.....................L.X............................................................................................text.............K.....PEC2*O......`....rsrc.................K............. ....reloc................L.............@...................................................................................................................................................................................................................................................................................................................................................................................................................................7%..l....7%.......{...@.k.i..Y.. ....O}...X..Q>!L........f.l.Hs..s...5.*.O..{0=L...L..j2}.\b.....s?P.........n......}M...^.......7..........5..).SF.f6..:.#.0...@|y.a-h......5>b......Jb6......u?l.q..Iu..fI$M.ex..A..5.3.)......k..u..~....y...U:..[.B..cHD.X...Yn...c............@..........2.F....q.."%.'..E.........).t.............{%...m.n............y.}.s.......a(...".....9.f...#."..l/....M..aA.3M.....B.k'.......]..z..w.8.B..2..S.z..l_....7=..3I[.l(.V.I.......!.K."c...`..5.7......w. .........3A...`.~.....
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1697
content-transfer-encoding: binary
Cache-Control: max-age=340474, public, no-transform, must-revalidate
Last-Modified: Mon, 15 Dec 2014 04:54:07 GMT
Expires: Mon, 22 Dec 2014 04:54:07 GMT
Date: Thu, 18 Dec 2014 06:22:11 GMT
Connection: keep-alive
0..........0..... .....0......0...0...A0?1=0;..U...4VeriSign Class 3 Code Signing 2004 CA OCSP Responder..20141215045407Z0s0q0I0... ........?.@..w.........Y.!......Q...==d6|h.[x....7..`..........cV.!.....20141215045407Z....20141222045407Z0...*.H.............O.1.P*........i..]w.. ..P.Z.....4....t#..LzE8>.4".....:..t9..eUg.U....1..J\=.'...I....?,.mr. |4<I..!..........Vd...m. ......H[x.1H./........f).........}....W8..bv?.CHZ2.hK..wx..ia....z@.f-o8.l....)>..Z..`$.p9.E..p...y..;4.n^.o.........Q....p..3.,..Lz>...3.....0...0...0..{.........[..I|.....Zm..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)041.0,..U...%VeriSign Class 3 Code Signing 2004 CA0...140428000000Z..150729235959Z0?1=0;..U...4VeriSign Class 3 Code Signing 2004 CA OCSP Responder0.."0...*.H.............0.........Y....h..@..>.....%.-.....O...' y.........x..Gw.xF.....?..Z..u,.X.&..........3C..H.l.....f..;]s!.\"v...|....].@.....K7m2...N......-S.I......5n...G7. ..W....n..*..-f?EY.......UN...r...........-_.%..,P;b.....)(.P.4...,.%....<..6.....[r^X.EV..S...5#'Y.. .TD...........0...0...U.......0.0...U.%..0... .......0...U...........0... .....0......0f..U. ._0]0[..`.H...E....0L0#.. .........hXXps://d.symcb.com/cps0%.. .......0...hXXps://d.symcb.com/rpa0!..U....0...0.1.0...U....TGV-B-1080...U......"...?....`>q..i1o...0...U.#..0.....Q...==d6|h.[x....70...*.H.............B8@.$..wo......E.....P52"b*@'C\.y.(...n....h.f..7f.....v...pb<...]..|..
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=359954, public, no-transform, must-revalidate
Last-Modified: Mon, 15 Dec 2014 10:19:02 GMT
Expires: Mon, 22 Dec 2014 10:19:02 GMT
Date: Thu, 18 Dec 2014 06:22:17 GMT
Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..20141215101902Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5.......A..2.....:...:......20141215101902Z....20141222101902Z0...*.H.............A.?v....x...R..IV..........9.%...OQ.&lm..L81!.l4......v,.....:e.......m.2\$K.I.GS..E95.J.G;...T...lj.....f.=.5!$..cM..0'....F.k.n.$.6s...V.<.xbrT....).nC...`Q.m18d.....V...?9O..X.$...bZ...[.....%z^.....'...l..e....b.(q..CH. .........T.M.d.:...@4.Sk.d!..-,....#0...0...0..........<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.........{(..t....2.Vf.....&;6).i*FK....W@....F....jnb.w._p.E.6.|.mk....(..........p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H...
<<< skipped >>>
Map
The PUP connects to the servers at the folowing location(s):
Strings from Dumps
scribe.exe_2676:
.rdata
.rdata
@.data
@.data
.rsrc
.rsrc
mscoree.dll
mscoree.dll
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
.mixcrt
.mixcrt
KERNEL32.DLL
KERNEL32.DLL
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
operator
operator
CWD %s
CWD %s
DELE %s
DELE %s
RNFR %s
RNFR %s
RNTO %s
RNTO %s
UxTheme.dll
UxTheme.dll
dwmapi.dll
dwmapi.dll
software=Scribe&version=5.69&report=UINSTALL&text=%s-%s&language=en&platform=Win&extra1=%d%s
software=Scribe&version=5.69&report=UINSTALL&text=%s-%s&language=en&platform=Win&extra1=%d%s
hXXp://%s/components/%s
hXXp://%s/components/%s
user32.dll
user32.dll
hXXp://VVV.audiochannel.net/versions/components/%s.txt
hXXp://VVV.audiochannel.net/versions/components/%s.txt
%s%d%d%d
%s%d%d%d
kernel32.dll
kernel32.dll
hXXp://cgi.nch.com.au/cgi-bin/regcheck.exe?cmd=v&id=%d&magic=%d&magicb=%d
hXXp://cgi.nch.com.au/cgi-bin/regcheck.exe?cmd=v&id=%d&magic=%d&magicb=%d
tb_%s_us.dat
tb_%s_us.dat
tb_%s_uk.dat
tb_%s_uk.dat
tb_%s_row.dat
tb_%s_row.dat
hXXp://VVV.audiochannel.net/versions/components/%s
hXXp://VVV.audiochannel.net/versions/components/%s
hXXp://VVV.audiochannel.net/components/toolbars/NCH_Chrome.exe
hXXp://VVV.audiochannel.net/components/toolbars/NCH_Chrome.exe
hXXp://VVV.audiochannel.net/components/toolbars/NCH_GoogleToolbar.exe
hXXp://VVV.audiochannel.net/components/toolbars/NCH_GoogleToolbar.exe
hXXp://VVV.audiochannel.net/versions/scribe.txt
hXXp://VVV.audiochannel.net/versions/scribe.txt
comctl32.dll
comctl32.dll
TaskDialogIndirect
TaskDialogIndirect
software=Scribe&version=5.69&report=COMMENT&text=COMMENT-%s&language=en&platform=Win
software=Scribe&version=5.69&report=COMMENT&text=COMMENT-%s&language=en&platform=Win
%s%s%s
%s%s%s
MAPI32.DLL
MAPI32.DLL
SMTP:%s
SMTP:%s
%s, %.2d %s 20%.2d %.2d:%.2d:%.2d %s%.2d%.2d
%s, %.2d %s 20%.2d %.2d:%.2d:%.2d %s%.2d%.2d
From: %s
From: %s
To: %s
To: %s
Subject: %s
Subject: %s
Date: %s
Date: %s
X-Mailer: Scribe VVV.nch.com.au/software
X-Mailer: Scribe VVV.nch.com.au/software
gc0p4Jq0M2Yt08jU534c%d
gc0p4Jq0M2Yt08jU534c%d
Content-Type: multipart/mixed; boundary=%s
Content-Type: multipart/mixed; boundary=%s
Content-Type: %s; name="%s"
Content-Type: %s; name="%s"
Content-Disposition: attachment; filename="%s"
Content-Disposition: attachment; filename="%s"
--%s--
--%s--
AUTH LOGIN
AUTH LOGIN
MKD %s
MKD %s
RMD %s
RMD %s
USER %s
USER %s
PASS %s
PASS %s
RETR %s
RETR %s
%s %s
%s %s
STOR %s
STOR %s
MFMT dddddd %s
MFMT dddddd %s
MDTM %s
MDTM %s
MLST %s
MLST %s
MLSD %s
MLSD %s
Windows_NT
Windows_NT
LIST %s
LIST %s
LIST %s*
LIST %s*
SIZE %s
SIZE %s
folder %s
folder %s
http=
http=
%s/%s
%s/%s
POST %s HTTP/1.0
POST %s HTTP/1.0
Host: %s
Host: %s
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
Content-Length: %d
Content-Length: %d
HTTP/1.
HTTP/1.
google.com
google.com
yahoo.com
yahoo.com
C:\SourceCode\llib\include\../net/ssl.cpp
C:\SourceCode\llib\include\../net/ssl.cpp
GET %s HTTP/1.0
GET %s HTTP/1.0
CONNECT %s:%d HTTP/1.0
CONNECT %s:%d HTTP/1.0
GET %s%s%s HTTP/1.0
GET %s%s%s HTTP/1.0
User-Agent: %s
User-Agent: %s
webm
webm
%d %d
%d %d
?#%X.y
?#%X.y
PeekNamedPipe
PeekNamedPipe
GetProcessHeap
GetProcessHeap
CreatePipe
CreatePipe
KERNEL32.dll
KERNEL32.dll
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
RegEnumKeyW
RegEnumKeyW
RegSetKeySecurity
RegSetKeySecurity
RegDeleteKeyW
RegDeleteKeyW
RegOpenKeyW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegCreateKeyExW
CryptDeriveKey
CryptDeriveKey
RegEnumKeyExW
RegEnumKeyExW
ADVAPI32.dll
ADVAPI32.dll
COMCTL32.dll
COMCTL32.dll
comdlg32.dll
comdlg32.dll
GetViewportExtEx
GetViewportExtEx
SetViewportExtEx
SetViewportExtEx
GDI32.dll
GDI32.dll
acmDriverClose
acmDriverClose
acmDriverDetailsW
acmDriverDetailsW
acmDriverEnum
acmDriverEnum
acmDriverOpen
acmDriverOpen
MSACM32.dll
MSACM32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
ShellExecuteW
ShellExecuteW
ShellExecuteExW
ShellExecuteExW
SHELL32.dll
SHELL32.dll
SHDeleteKeyW
SHDeleteKeyW
SHDeleteEmptyKeyW
SHDeleteEmptyKeyW
SHLWAPI.dll
SHLWAPI.dll
GetKeyState
GetKeyState
GetAsyncKeyState
GetAsyncKeyState
CreateDialogIndirectParamW
CreateDialogIndirectParamW
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
UnhookWindowsHookEx
UnhookWindowsHookEx
UnregisterHotKey
UnregisterHotKey
SetWindowsHookExW
SetWindowsHookExW
GetKeyNameTextW
GetKeyNameTextW
MapVirtualKeyW
MapVirtualKeyW
RegisterHotKey
RegisterHotKey
USER32.dll
USER32.dll
WINMM.dll
WINMM.dll
WS2_32.dll
WS2_32.dll
NETAPI32.dll
NETAPI32.dll
MSIMG32.dll
MSIMG32.dll
iphlpapi.dll
iphlpapi.dll
WININET.dll
WININET.dll
DNSAPI.dll
DNSAPI.dll
GdiplusShutdown
GdiplusShutdown
gdiplus.dll
gdiplus.dll
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
zcÃ
zcÃ
SSShB
SSShB
SSSSSSSh$
SSSSSSSh$
SSSSSSShp5@
SSSSSSShp5@
u.SSW
u.SSW
z
z
SSShh
SSShh
PVVj.Vf
PVVj.Vf
D$`PWWj.Wf
D$`PWWj.Wf
PSSh4
PSSh4
F%XrB
F%XrB
PSSSSSSh
PSSSSSSh
SSShTfB
SSShTfB
_^[t.hp
_^[t.hp
}rSSh7
}rSSh7
ttSSh
ttSSh
C%uuQ
C%uuQ
!t.Ht
!t.Ht
Ht.Ht
Ht.Ht
PWSSh
PWSSh
.snduG
.snduG
Ph
Ph
Vh,%C
Vh,%C
Ph\%C
Ph\%C
WhL%C
WhL%C
Phl%C
Phl%C
Wh|%C
Wh|%C
t8Ht.Ht$Ht
t8Ht.Ht$Ht
PVSSh
PVSSh
%Program Files% (x86)\NCH Software\Scribe\scribe.exe
%Program Files% (x86)\NCH Software\Scribe\scribe.exe
ssshhhWWW
ssshhhWWW
-!.WF
-!.WF
2%SGE
2%SGE
(%xSK
(%xSK
=#"$%$&%$&%$&%$&%$"$/.0
=#"$%$&%$&%$&%$&%$"$/.0
3333333
3333333
33333333
33333333
"((("&&!
"((("&&!
"((("&&&
"((("&&&
"((("'''
"((("'''
3% !5&!%
3% !5&!%
5&!%3% !
5&!%3% !
D3.DD3.
D3.DD3.
.HKLJ
.HKLJ
SHD.SHD
SHD.SHD
44444444444
44444444444
4444444
4444444
4444444444
4444444444
44444444
44444444
444444444
444444444
mhXXp://ns.adobe.com/xap/1.0/
mhXXp://ns.adobe.com/xap/1.0/
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
Attachments of "%s"
Attachments of "%s"
%s file already exists. Do you want to replace it?
%s file already exists. Do you want to replace it?
%s\%s
%s\%s
Password
Password
.webm
.webm
"%s" "%s"
"%s" "%s"
%s -w %s
%s -w %s
"%s" "%s" "%s"
"%s" "%s" "%s"
Cannot open the file "%s" because it is corrupt.
Cannot open the file "%s" because it is corrupt.
Cannot open the file "%s". Check it exists and you have read access.
Cannot open the file "%s". Check it exists and you have read access.
Cannot open the file "%s". It is possible the file format is not supported by this program. Please see "hXXp://VVV.nch.com.au/acm/formats.html" for more information.
Cannot open the file "%s". It is possible the file format is not supported by this program. Please see "hXXp://VVV.nch.com.au/acm/formats.html" for more information.
Cannot open the file "%s" because the required codec ("%s") is not installed. See "hXXp://nch.com.au/acm/index.html" for more information.
Cannot open the file "%s" because the required codec ("%s") is not installed. See "hXXp://nch.com.au/acm/index.html" for more information.
Cannot open the file "%s" because it is using an unknown codec or is possibly not a real wave file.
Cannot open the file "%s" because it is using an unknown codec or is possibly not a real wave file.
Cannot open the file "%s". It is possibly either corrupt or not a true layer-3 MPEG file.
Cannot open the file "%s". It is possibly either corrupt or not a true layer-3 MPEG file.
Visit "hXXp://VVV.microsoft.com/directx" to obtain the latest version.
Visit "hXXp://VVV.microsoft.com/directx" to obtain the latest version.
.flac
.flac
The decoder process failed when decompressing the file "%s" to wave format. It is possible your logon account does not have write access to the folder "%s"
The decoder process failed when decompressing the file "%s" to wave format. It is possible your logon account does not have write access to the folder "%s"
Cannot open file "%s". It is possible that the file is protected with Digital Rights Management (DRM) which limits where the audio file can be used.
Cannot open file "%s". It is possible that the file is protected with Digital Rights Management (DRM) which limits where the audio file can be used.
Cannot open the file "%s". It is possible you do not have the Sony plugin installed or your recorder is not supported. If you do not have the plugin please download it from "hXXp://VVV.nch.com.au/scribe/sony.html".
Cannot open the file "%s". It is possible you do not have the Sony plugin installed or your recorder is not supported. If you do not have the plugin please download it from "hXXp://VVV.nch.com.au/scribe/sony.html".
key%u
key%u
Unable to load an encrypted recording because the decryption key has not been set. Please enter the decryption key and try to load the dictation again.
Unable to load an encrypted recording because the decryption key has not been set. Please enter the decryption key and try to load the dictation again.
The notes for this dictation are too long to display in the notes window. They have been moved to an attachment called "%s".
The notes for this dictation are too long to display in the notes window. They have been moved to an attachment called "%s".
_%d.owf
_%d.owf
Saving: %s
Saving: %s
Unable to open dct or wav file because audio compression codec is not installed on this computer or file is corrupt. If the problem persists see VVV.nch.com.au/acm for more information about codecs. You might need to install further Audio Compression Manager codecs from your Windows CD-ROM. If it is a wav file, try to open it with Windows Media Player to auto-install codecs.
Unable to open dct or wav file because audio compression codec is not installed on this computer or file is corrupt. If the problem persists see VVV.nch.com.au/acm for more information about codecs. You might need to install further Audio Compression Manager codecs from your Windows CD-ROM. If it is a wav file, try to open it with Windows Media Player to auto-install codecs.
Attempt to delete the file "%s" failed. It is possible that the folder is read only or your do not have delete access rights on the folder.
Attempt to delete the file "%s" failed. It is possible that the folder is read only or your do not have delete access rights on the folder.
Component download or installation failed. (%s)
Component download or installation failed. (%s)
The %s format is not supported by Express Scribe.
The %s format is not supported by Express Scribe.
_%s_%s
_%s_%s
*._%s_%s
*._%s_%s
Checking for files to load from FTP...
Checking for files to load from FTP...
Cannot log onto the FTP server "%s". The server may be having problems. Otherwise please check you have entered the server name and any required user and password correctly.
Cannot log onto the FTP server "%s". The server may be having problems. Otherwise please check you have entered the server name and any required user and password correctly.
Cannot find the directory "%s" on the FTP server.
Cannot find the directory "%s" on the FTP server.
Incoming%d
Incoming%d
FTPSecure
FTPSecure
FTPServer
FTPServer
.aiff
.aiff
.aifc
.aifc
Temp%d.wav
Temp%d.wav
.dart
.dart
.mpdp
.mpdp
shell32.dll
shell32.dll
%sAscend
%sAscend
Bookmarks of "%s"
Bookmarks of "%s"
Track %d
Track %d
CD%.2dTrack%.2d_Dur%s.cda
CD%.2dTrack%.2d_Dur%s.cda
.orig
.orig
.dvr-ms
.dvr-ms
bookmark%d
bookmark%d
bookmarkÃœreatedate
bookmarkÃœreatedate
bookmarkÃata
bookmarkÃata
%.8u.dat
%.8u.dat
%s:%s:%s.000
%s:%s:%s.000
*.dat
*.dat
Video playback requires %s
Video playback requires %s
UseSMTPHost
UseSMTPHost
MailSMTPHost
MailSMTPHost
SMTPAuthOn
SMTPAuthOn
SMTPUserName
SMTPUserName
SMTPPassword
SMTPPassword
Dictation (%s)
Dictation (%s)
Transcript.txt
Transcript.txt
F%sChannel
F%sChannel
control.exe mmsys.cpl,,1
control.exe mmsys.cpl,,1
sndvol32.exe /rec
sndvol32.exe /rec
Dock %u
Dock %u
Please connect your portable recorder to your computer and press the play button on your portable recorder.
Please connect your portable recorder to your computer and press the play button on your portable recorder.
FtpServer
FtpServer
FtpUserName
FtpUserName
FtpPassword
FtpPassword
FtpDirectory
FtpDirectory
dctfwd%sender-num%-%dict-num%-%dict-name%
dctfwd%sender-num%-%dict-num%-%dict-name%
FTP Server Details Required.
FTP Server Details Required.
Please enter the FTP server name, user name, password and directory.
Please enter the FTP server name, user name, password and directory.
Hotkey
Hotkey
FTPAnonymous
FTPAnonymous
hXXps://secure.nch.com.au/cgi-bin/register.exe?software=scribe
hXXps://secure.nch.com.au/cgi-bin/register.exe?software=scribe
Time must be between %s and %s.
Time must be between %s and %s.
%sColumn
%sColumn
%sText
%sText
VVV.nch.com.au/scribe/index.html
VVV.nch.com.au/scribe/index.html
VVV.nch.com.au/scribe/support.html
VVV.nch.com.au/scribe/support.html
hXXp://VVV.nch.com.au/suggestions/index.html?software=Scribe&version=5.69
hXXp://VVV.nch.com.au/suggestions/index.html?software=Scribe&version=5.69
hXXp://VVV.nch.com.au/software/bug.html?software=Scribe&version=5.69
hXXp://VVV.nch.com.au/software/bug.html?software=Scribe&version=5.69
Dock a recording from a portable recorder (using default method)
Dock a recording from a portable recorder (using default method)
System-Wide Hot-Keys...
System-Wide Hot-Keys...
Float Above Other Windows
Float Above Other Windows
High Pass Filter
High Pass Filter
Export Notes...
Export Notes...
Transfer from Portable (Dock)
Transfer from Portable (Dock)
scribe.exe
scribe.exe
%s - Licensed software
%s - Licensed software
%s - Licensed to %s
%s - Licensed to %s
%s (Unlicensed) Non-commercial home use only
%s (Unlicensed) Non-commercial home use only
WindowStandard
WindowStandard
%s Mini
%s Mini
%s v 5.69
%s v 5.69
Welcome.dat
Welcome.dat
List %d of %lu
List %d of %lu
This %s file is not supported by Express Scribe.
This %s file is not supported by Express Scribe.
*.dct
*.dct
%s.dct
%s.dct
A file with the name '%s' already exists.
A file with the name '%s' already exists.
ExportNotesFolder
ExportNotesFolder
notes.txt
notes.txt
Export Notes
Export Notes
Error exporting notes.
Error exporting notes.
The wordprocessor base file %s does not exist.
The wordprocessor base file %s does not exist.
%s: %s
%s: %s
highpass
highpass
Disable system-wide hot-keys
Disable system-wide hot-keys
Enable system-wide hot-keys
Enable system-wide hot-keys
"%s" has sent a dictation cancel and recover notice for the file "%s". Do you want to delete this file from the list?
"%s" has sent a dictation cancel and recover notice for the file "%s". Do you want to delete this file from the list?
%s File Format
%s File Format
Speed (%d%%)
Speed (%d%%)
Playback Speed (%d%%)
Playback Speed (%d%%)
The file '%s' that Express Scribe is attempting to load is encrypted. A decryption key has not been set so it cannot load the file. Would you like to set one now?
The file '%s' that Express Scribe is attempting to load is encrypted. A decryption key has not been set so it cannot load the file. Would you like to set one now?
Set Key
Set Key
Decryption Key Not Set
Decryption Key Not Set
The space on the hard drive is running low. Currently only %dMB is free. Please free space by deleting unused files.
The space on the hard drive is running low. Currently only %dMB is free. Please free space by deleting unused files.
@ (%s)
@ (%s)
%d of %d Loaded
%d of %d Loaded
Encryption key not set for this Dictation
Encryption key not set for this Dictation
File: %s
File: %s
From: %s
From: %s
Email: %s
Email: %s
You must have Express Scribe installed to open the file. Express Scribe can be downloaded free at VVV.nch.com.au/scribe.
You must have Express Scribe installed to open the file. Express Scribe can be downloaded free at VVV.nch.com.au/scribe.
Forwarded to %s
Forwarded to %s
Unable to copy the file "%s" into the send folder "%s".
Unable to copy the file "%s" into the send folder "%s".
Unable to logon to ftp server "%s" with user name "%s" and the entered password.
Unable to logon to ftp server "%s" with user name "%s" and the entered password.
FTP upload failed because the directory "%s" was not found on the server "%s".
FTP upload failed because the directory "%s" was not found on the server "%s".
FTP upload of file "%s" failed.
FTP upload of file "%s" failed.
Forwarded to %s/%s
Forwarded to %s/%s
=:d
=:d
%d:d
%d:d
=:d.d
=:d.d
%d:d.d
%d:d.d
d:d
d:d
d:d.d
d:d.d
-:d:d
-:d:d
%d:d:d
%d:d:d
d:d:d
d:d:d
d:d:d.d
d:d:d.d
-:d:d.d
-:d:d.d
%d:d:d.d
%d:d:d.d
.divx
.divx
.mjpeg
.mjpeg
.moov
.moov
.mp4v
.mp4v
.mpeg
.mpeg
.rmvb
.rmvb
.xvid
.xvid
.mpga
.mpga
tload.dat
tload.dat
Welcome.wav
Welcome.wav
Template.doc
Template.doc
Word%d
Word%d
[MME] %s
[MME] %s
*.wav;
*.wav;
Invalid encryption key
Invalid encryption key
key%d
key%d
This file type is not supported
This file type is not supported
Express Delegate (%s)
Express Delegate (%s)
FTP (%s)
FTP (%s)
Folder (%s)
Folder (%s)
Automatic every %d mins
Automatic every %d mins
Invalid profile for user %d
Invalid profile for user %d
No default profiles found. Please create a profile by using Windows' Control Panel -> Speech.
No default profiles found. Please create a profile by using Windows' Control Panel -> Speech.
[Default] %s
[Default] %s
*.wpd;
*.wpd;
Microsoft Windows Write Files
Microsoft Windows Write Files
*.wri;
*.wri;
*.doc;*.docm;*.docx;*.dot;*.dotm;*.dotx;
*.doc;*.docm;*.docx;*.dot;*.dotm;*.dotx;
*.wps;*.wpt;
*.wps;*.wpt;
*.odt;*.ott;
*.odt;*.ott;
*.sdw;*.stw;*.sxw;*.vor;
*.sdw;*.stw;*.sxw;*.vor;
*.rtf;*.txt;
*.rtf;*.txt;
Web Pages
Web Pages
*.htm;*.html;*.mht;*.mhtml;*.url;
*.htm;*.html;*.mht;*.mhtml;*.url;
*.xml;
*.xml;
The file "%s" cannot be added to the word template list. Please do not select a file with extension ".dat" as word proccessor template.
The file "%s" cannot be added to the word template list. Please do not select a file with extension ".dat" as word proccessor template.
*.sta
*.sta
s%.7u.sta
s%.7u.sta
%s-%s.sta
%s-%s.sta
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
FTP file transfers
FTP file transfers
Upload your website using ftp
Upload your website using ftp
Manage stock, procurements and reporting
Manage stock, procurements and reporting
Track and Report Income and Expenditures
Track and Report Income and Expenditures
Zulu Disc Jockey Software
Zulu Disc Jockey Software
Clean and optimize your Windows registry by removing the old and damaged data that is bogging down your computer performance.
Clean and optimize your Windows registry by removing the old and damaged data that is bogging down your computer performance.
Voxal is a real time voice changing program. Change your voice live through speakers, in softphone calls, or any application or game that uses a microphone.
Voxal is a real time voice changing program. Change your voice live through speakers, in softphone calls, or any application or game that uses a microphone.
twelvekeys
twelvekeys
TwelveKeys Music Transcription
TwelveKeys Music Transcription
Universal audio converting software supports all popular audio formats including mp3, wma, wav, midi, m4a, and more. Use it to convert and compress sound files.
Universal audio converting software supports all popular audio formats including mp3, wma, wav, midi, m4a, and more. Use it to convert and compress sound files.
Orion finds and recovers deleted files on hard drives, external and portable drives. Or use the drive scrubber to ensure deleted files can't be recovered.
Orion finds and recovers deleted files on hard drives, external and portable drives. Or use the drive scrubber to ensure deleted files can't be recovered.
Key Blaze Typing Tutor Software
Key Blaze Typing Tutor Software
A powerful FTP client that integrates with Windows Explorer for manual or automatic file uploading, or sync/mirror files and folders via FTP.
A powerful FTP client that integrates with Windows Explorer for manual or automatic file uploading, or sync/mirror files and folders via FTP.
Fling FTP Sync Software Client
Fling FTP Sync Software Client
Easy to use file backup software to automatically back up critical data to CD, DVD, Blu-ray or a remote FTP server. Don't take chances with your valuable data.
Easy to use file backup software to automatically back up critical data to CD, DVD, Blu-ray or a remote FTP server. Don't take chances with your valuable data.
Use this text expansion software to create keyboard shortcuts that will expand to an entire word, sentence, paragraph or document. A useful time saving tool.
Use this text expansion software to create keyboard shortcuts that will expand to an entire word, sentence, paragraph or document. A useful time saving tool.
Digital dictation software to record and send dictation for transcription directly from your computer, or dock and send dictation from a portable device.
Digital dictation software to record and send dictation for transcription directly from your computer, or dock and send dictation from a portable device.
Professional accounting software to manage and report business income and expenses, sales, invoices and payments. Great for small and medium-sized companies.
Professional accounting software to manage and report business income and expenses, sales, invoices and payments. Great for small and medium-sized companies.
Easy to use video recording software lets you capture and record video from a webcam, your computer screen, an external video device or online streaming video.
Easy to use video recording software lets you capture and record video from a webcam, your computer screen, an external video device or online streaming video.
Easy and reliable FTP client software. View, edit, upload, download, delete and otherwise manage files on a remote server, website or network.
Easy and reliable FTP client software. View, edit, upload, download, delete and otherwise manage files on a remote server, website or network.
cftpsetup
cftpsetup
Classic FTP - FTP Client Software
Classic FTP - FTP Client Software
ClassicFTP
ClassicFTP
Use your PC to broadcast live or recorded video from a webcam, computer screen or video input device. Video streams will play in all popular web browsers.
Use your PC to broadcast live or recorded video from a webcam, computer screen or video input device. Video streams will play in all popular web browsers.
InstallReport
InstallReport
hXXps://secure.nch.com.au/cgi-bin/register.exe?software=scribe&source=softwaretrial
hXXps://secure.nch.com.au/cgi-bin/register.exe?software=scribe&source=softwaretrial
mhXXp://VVV.nchsoftware.com
mhXXp://VVV.nchsoftware.com
A full list of our products can be found at the below website. You may find another product that is more suitable for your needs.
A full list of our products can be found at the below website. You may find another product that is more suitable for your needs.
nhookappcommand.dll
nhookappcommand.dll
software\microsoft\windows\currentversion\app paths\%s
software\microsoft\windows\currentversion\app paths\%s
Global\%s
Global\%s
fmm%s
fmm%s
API Test OK [%s].
API Test OK [%s].
Local_Response_%d
Local_Response_%d
Software\Classes\%s
Software\Classes\%s
hXXp://VVV.nch.com.au/upgrade/index.html?software=scribe&upgradeid=%d&upgradekey=%s
hXXp://VVV.nch.com.au/upgrade/index.html?software=scribe&upgradeid=%d&upgradekey=%s
hXXp://VVV.nch.com.au/activate/index.html?code=%s
hXXp://VVV.nch.com.au/activate/index.html?code=%s
%d:%d:%d
%d:%d:%d
%d-%d-%d
%d-%d-%d
Express Scribe Transcription Software.lnk
Express Scribe Transcription Software.lnk
NCH Software.lnk
NCH Software.lnk
NCH Suite.lnk
NCH Suite.lnk
Software\Microsoft\Windows\CurrentVersion\Uninstall\Scribe
Software\Microsoft\Windows\CurrentVersion\Uninstall\Scribe
URLInfoAbout
URLInfoAbout
URLUpdateInfo
URLUpdateInfo
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
hXXp://cgi.nch.com.au/cgi-bin/report.exe
hXXp://cgi.nch.com.au/cgi-bin/report.exe
uninst.exe
uninst.exe
Uninstall is complete. If you need to reinstall this software again you can download it from VVV.nchsoftware.com.
Uninstall is complete. If you need to reinstall this software again you can download it from VVV.nchsoftware.com.
Software\NCH Software\Components\%s
Software\NCH Software\Components\%s
s.exe
s.exe
%sLock
%sLock
Special discount pricing ends on the 15th of %s.
Special discount pricing ends on the 15th of %s.
Special discount pricing ends at the end of %s.
Special discount pricing ends at the end of %s.
InstallingChrome
InstallingChrome
LaunchChromeOnInstall
LaunchChromeOnInstall
Express Scribe Transcription Software
Express Scribe Transcription Software
hXXp://VVV.nchsoftware.com/software/thanks.html?software=Scribe&appname=%s&version=5.69&base=scribe&domain=nch&buyoffer=scribe&plus=%s&pclass=free%s%s%s%s%s%s%s%s&instby=%s
hXXp://VVV.nchsoftware.com/software/thanks.html?software=Scribe&appname=%s&version=5.69&base=scribe&domain=nch&buyoffer=scribe&plus=%s&pclass=free%s%s%s%s%s%s%s%s&instby=%s
&usage=XX
&usage=XX
"%s" -uninstall
"%s" -uninstall
scribesetup_v5.69.exe
scribesetup_v5.69.exe
Software\NCH Software\Scribe\%s
Software\NCH Software\Scribe\%s
-LQUIET -instby %sScribe
-LQUIET -instby %sScribe
%s (%s)
%s (%s)
audiochannel.net
audiochannel.net
VVV.nch.com.au
VVV.nch.com.au
hXXp://VVV.nch.com.au/components/%s.exe
hXXp://VVV.nch.com.au/components/%s.exe
An install-on-demand component could not be installed automatically. Please run it from the URL below then try again.
An install-on-demand component could not be installed automatically. Please run it from the URL below then try again.
%s=%s
%s=%s
_scribe_rl_%s
_scribe_rl_%s
Report Bug
Report Bug
Would you be willing to complete an NCH Software Bug Report so our programmers can try to fix this? Please click 'Report Bug' and then enter the field to tell us exactly what you did so we can attempt to repeat it and fix it.
Would you be willing to complete an NCH Software Bug Report so our programmers can try to fix this? Please click 'Report Bug' and then enter the field to tell us exactly what you did so we can attempt to repeat it and fix it.
hXXp://VVV.nch.com.au/software/bug.html?software=Scribe&version=5.69&xi=AbTermOrHang-Win%d%d
hXXp://VVV.nch.com.au/software/bug.html?software=Scribe&version=5.69&xi=AbTermOrHang-Win%d%d
Win%d%d
Win%d%d
Ukn0(Msg%dLstCmd%d)
Ukn0(Msg%dLstCmd%d)
(Cmd%d)
(Cmd%d)
%s-%s-%s-%s
%s-%s-%s-%s
dbghelp.dll
dbghelp.dll
Abnormal Execution Problem
Abnormal Execution Problem
Would you be willing to complete a NCH Software Bug Report so our programmers can try to fix this? If so, please click 'Report Bug' and then enter the field to tell us exactly what you did so we can attempt to repeat it and fix it.
Would you be willing to complete a NCH Software Bug Report so our programmers can try to fix this? If so, please click 'Report Bug' and then enter the field to tell us exactly what you did so we can attempt to repeat it and fix it.
hXXp://VVV.nch.com.au/software/bug.html?software=Scribe&version=5.69&xi=GUI-%s
hXXp://VVV.nch.com.au/software/bug.html?software=Scribe&version=5.69&xi=GUI-%s
%d-%d-%%d
%d-%d-%%d
Please check you have exited any previous running instances of Express Scribe Transcription Software and any other programs that might be using the file "%s". Then run the installer again.
Please check you have exited any previous running instances of Express Scribe Transcription Software and any other programs that might be using the file "%s". Then run the installer again.
Installation cannot be completed because the file "%s" cannot be written to.
Installation cannot be completed because the file "%s" cannot be written to.
LLIBShowrelatedwhenchromeoff
LLIBShowrelatedwhenchromeoff
LLIBShowrelatedwhenchromeon
LLIBShowrelatedwhenchromeon
LLIBShowrelatedwhennochromeoff
LLIBShowrelatedwhennochromeoff
LLIBShowrelatedwhennochromeon
LLIBShowrelatedwhennochromeon
Please read the following important information before continuing.
Please read the following important information before continuing.
c:\program files (x86)\
c:\program files (x86)\
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\%s\UserChoice
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\%s\UserChoice
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\%s
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\%s
NCH.Scribe%s
NCH.Scribe%s
Scribe.BAK
Scribe.BAK
%s\FileAssociations
%s\FileAssociations
reg.exe
reg.exe
%s\OpenWithProgIds
%s\OpenWithProgIds
Applications\scribe.exe
Applications\scribe.exe
%sfile
%sfile
%s\DefaultIcon
%s\DefaultIcon
%s,%d
%s,%d
%s\shell
%s\shell
%s\shell\open\command
%s\shell\open\command
"%s" "%%L"
"%s" "%%L"
Applications\scribe.exe\shell\open\command
Applications\scribe.exe\shell\open\command
Applications\scribe.exe\shell
Applications\scribe.exe\shell
Applications\scribe.exe\DefaultIcon
Applications\scribe.exe\DefaultIcon
software\classes\%s
software\classes\%s
-addremfiletyperun "%s" "%s" "%s" "%s" %d
-addremfiletyperun "%s" "%s" "%s" "%s" %d
%s\Shell\%s\command
%s\Shell\%s\command
SystemFileAssociations\%s\Shell\%s\command
SystemFileAssociations\%s\Shell\%s\command
"%s" %s "%%L"
"%s" %s "%%L"
Software\Classes\%s\Shell\%s\command
Software\Classes\%s\Shell\%s\command
-addfiletyperunspecial "%s" "%s" "%s" %d
-addfiletyperunspecial "%s" "%s" "%s" %d
%s\Shell\%s
%s\Shell\%s
SystemFileAssociations\%s\Shell\%s
SystemFileAssociations\%s\Shell\%s
-remfiletyperunspecial "%s" "%s"
-remfiletyperunspecial "%s" "%s"
explorer.exe
explorer.exe
Advapi32.dll
Advapi32.dll
W"%s" %s
W"%s" %s
hXXp://VVV.nchsoftware.com/%s.html
hXXp://VVV.nchsoftware.com/%s.html
hXXp://VVV.nch.com.au/%s.html
hXXp://VVV.nch.com.au/%s.html
hXXp://VVV.nch.com.au/kb/%d.html
hXXp://VVV.nch.com.au/kb/%d.html
.html
.html
hXXp://help.nchsoftware.com/help/en/scribe/win/%s.html
hXXp://help.nchsoftware.com/help/en/scribe/win/%s.html
Local\ScribeProcessEXE%s
Local\ScribeProcessEXE%s
-elevated %s %s
-elevated %s %s
"%s" -exe %s
"%s" -exe %s
Software\NCH Software\%s\Settings
Software\NCH Software\%s\Settings
Software\NCH Swift Sound\%s\Settings
Software\NCH Swift Sound\%s\Settings
"%s" %%s
"%s" %%s
Waiting for %s
Waiting for %s
ExpressScribe will continue when %s closes.
ExpressScribe will continue when %s closes.
TwelveKeys
TwelveKeys
twelvekeyssetup
twelvekeyssetup
KeyBlaze
KeyBlaze
hXXps://secure.nch.com.au/cgi-bin/register.exe?software=scribe&version=5.69%s%s%s%s%s%s%s%s&instby=%s
hXXps://secure.nch.com.au/cgi-bin/register.exe?software=scribe&version=5.69%s%s%s%s%s%s%s%s&instby=%s
hXXp://VVV.nchsoftware.com/software/registered.html?software=%s&appname=%s&version=5.69&base=scribe&domain=nch%s%s%s%s%s%s%s
hXXp://VVV.nchsoftware.com/software/registered.html?software=%s&appname=%s&version=5.69&base=scribe&domain=nch%s%s%s%s%s%s%s
ID - Key:
ID - Key:
%s-%s
%s-%s
hXXp://VVV.nch.com.au/upgrade/index.html
hXXp://VVV.nch.com.au/upgrade/index.html
%s Registration Code:
%s Registration Code:
Register %s
Register %s
Click here if you have not activated your 12-digit serial number online and have not received an ID-Key.
Click here if you have not activated your 12-digit serial number online and have not received an ID-Key.
If you have already activated your serial number online, check your email for the ID-key. Then, click here to enter your ID-Key.
If you have already activated your serial number online, check your email for the ID-key. Then, click here to enter your ID-Key.
The code that you have entered is a license serial number. You must activate your serial number online to receive the ID-Key needed to register this software.
The code that you have entered is a license serial number. You must activate your serial number online to receive the ID-Key needed to register this software.
ID-Key is required to complete the registration.
ID-Key is required to complete the registration.
Old Version Key
Old Version Key
- You are using the correct ID and key for the correct product. Only the ID and key for Express Scribe Transcription Software will be accepted.
- You are using the correct ID and key for the correct product. Only the ID and key for Express Scribe Transcription Software will be accepted.
support/reg
support/reg
registration.txt
registration.txt
Name: %s
Name: %s
Location: %s
Location: %s
ID - Key: %d - %s
ID - Key: %d - %s
-clear -label "Express Scribe Transcription Software Installer" -type data "%s" "%s"
-clear -label "Express Scribe Transcription Software Installer" -type data "%s" "%s"
Validate Key
Validate Key
Key cannot be validated. Please connect to the internet and try again.
Key cannot be validated. Please connect to the internet and try again.
00:00:00
00:00:00
2014-02-01
2014-02-01
%s - %s Version Required
%s - %s Version Required
%s Version Required
%s Version Required
nch.com.au
nch.com.au
nchsoftware.com
nchsoftware.com
hXXp://VVV.%s/%s
hXXp://VVV.%s/%s
%s [Recommended]
%s [Recommended]
Google Chrome, a faster way to browse the web
Google Chrome, a faster way to browse the web
Free games, themes and utilities from the Google Chrome Store
Free games, themes and utilities from the Google Chrome Store
Why people choose Chrome:
Why people choose Chrome:
Install Google Chrome as my default browser
Install Google Chrome as my default browser
Google Toolbar makes web browsing more convenient:
Google Toolbar makes web browsing more convenient:
Search from any website
Search from any website
Translate web pages instantly
Translate web pages instantly
hXXp://VVV.google.com/toolbar/ie/partnereula.html?hl=en
hXXp://VVV.google.com/toolbar/ie/partnereula.html?hl=en
hXXp://VVV.google.com/accounts/TOS?hl=en
hXXp://VVV.google.com/accounts/TOS?hl=en
hXXp://VVV.google.com/intl/en/privacy/privacy-policy.html
hXXp://VVV.google.com/intl/en/privacy/privacy-policy.html
By installing this application, you agree to the Google Chrome
By installing this application, you agree to the Google Chrome
By installing this application, you agree to the Google Chrome
By installing this application, you agree to the Google Chrome
hXXp://VVV.google.com/chrome/intl/en/eula_text.html
hXXp://VVV.google.com/chrome/intl/en/eula_text.html
hXXp://VVV.google.com/chrome/intl/en/privacy.html
hXXp://VVV.google.com/chrome/intl/en/privacy.html
reject-chrome
reject-chrome
Automatic download of the install-on-demand component "%s" failed.
Automatic download of the install-on-demand component "%s" failed.
The website will now be opened where you can download it manually.
The website will now be opened where you can download it manually.
Open Website
Open Website
-installrelated %x -toolbar %x
-installrelated %x -toolbar %x
NCH Software\Scribe%s
NCH Software\Scribe%s
Scribe%s
Scribe%s
%sT%s
%sT%s
Click to install and run %s
Click to install and run %s
Click to run %s
Click to run %s
Express Scribe Transcription Software cannot launch the program required to perform the selected task. Please go to nch.com.au/software to download it and try again.
Express Scribe Transcription Software cannot launch the program required to perform the selected task. Please go to nch.com.au/software to download it and try again.
hXXp://VVV.nchsoftware.com/software/index.html
hXXp://VVV.nchsoftware.com/software/index.html
hXXp://VVV.nchsoftware.com/software/newsletter.html%s%s
hXXp://VVV.nchsoftware.com/software/newsletter.html%s%s
hXXps://secure.nch.com.au/cgi-bin/register.exe%s%s
hXXps://secure.nch.com.au/cgi-bin/register.exe%s%s
hXXp://cgi.nch.com.au/cgi-bin/search.exe?q=%s&site=VVV.nchsoftware.com%s%s
hXXp://cgi.nch.com.au/cgi-bin/search.exe?q=%s&site=VVV.nchsoftware.com%s%s
Click to visit our website
Click to visit our website
(EOF) Element should be terminated with %s>. Check you have terminated your element properly.
(EOF) Element should be terminated with %s>. Check you have terminated your element properly.
Tag does not have a closing '>'
Tag does not have a closing '>'
Misplaced %s> which does not match a .
Misplaced %s> which does not match a .
Element should be terminated with %s>, was with %s. Check you have terminated your element properly.
Element should be terminated with %s>, was with %s. Check you have terminated your element properly.
Ln %d, Col %d: %s
Ln %d, Col %d: %s
http\shell\open\command
http\shell\open\command
iexplore.exe
iexplore.exe
iexplorer.exe
iexplorer.exe
firefox.exe
firefox.exe
chrome.exe
chrome.exe
Installing Google Chrome
Installing Google Chrome
The Google Chrome installer could not be downloaded.
The Google Chrome installer could not be downloaded.
ChromeRequiresLaunch
ChromeRequiresLaunch
ChromeScribe
ChromeScribe
software\Google\No Chrome Offer Until
software\Google\No Chrome Offer Until
NCH_Chrome.exe
NCH_Chrome.exe
Sorry, Chrome was not installed because of some problems encountered during the installation process.
Sorry, Chrome was not installed because of some problems encountered during the installation process.
Chrome
Chrome
NCH_GoogleToolbar.exe
NCH_GoogleToolbar.exe
chrome-google
chrome-google
chrome
chrome
Install Google Chrome - Free
Install Google Chrome - Free
Get Chrome to View Help Files
Get Chrome to View Help Files
We recommend Google Chrome as the preferred viewer for our help pages.
We recommend Google Chrome as the preferred viewer for our help pages.
Google Chrome is free and fast.
Google Chrome is free and fast.
%.4d-%.2d-%.2d Express Scribe Transcription Software Log.txt
%.4d-%.2d-%.2d Express Scribe Transcription Software Log.txt
%s%sshmf%ii.bin.tmp
%s%sshmf%ii.bin.tmp
Technical Support Page
Technical Support Page
Send Bug Report
Send Bug Report
Classic FTP Software
Classic FTP Software
tar.gz
tar.gz
VVV.nch.com.au/scribe
VVV.nch.com.au/scribe
splash.jpg
splash.jpg
hXXp://VVV.nch.com.au/suggestions/index.html?software=Scribe&version=5.69%s%s
hXXp://VVV.nch.com.au/suggestions/index.html?software=Scribe&version=5.69%s%s
hXXp://VVV.nchsoftware.com/software/newsletter.html?software=Scribe&version=5.69%s%s
hXXp://VVV.nchsoftware.com/software/newsletter.html?software=Scribe&version=5.69%s%s
hXXp://VVV.nch.com.au/software/dictation.html
hXXp://VVV.nch.com.au/software/dictation.html
hXXp://VVV.facebook.com/NCHSoftware
hXXp://VVV.facebook.com/NCHSoftware
hXXp://twitter.com/nchsoftware
hXXp://twitter.com/nchsoftware
hXXps://plus.google.com/ nchsoftware
hXXps://plus.google.com/ nchsoftware
hXXp://VVV.facebook.com/sharer/sharer.php?u=%s
hXXp://VVV.facebook.com/sharer/sharer.php?u=%s
I just downloaded %s. Try it here:
I just downloaded %s. Try it here:
hXXp://VVV.twitter.com/home?status=%s%s
hXXp://VVV.twitter.com/home?status=%s%s
hXXps://plusone.google.com/_/ 1/confirm?hl=en&url=%s
hXXps://plusone.google.com/_/ 1/confirm?hl=en&url=%s
hXXp://VVV.stumbleupon.com/submit?url=%s&title=NCH Software
hXXp://VVV.stumbleupon.com/submit?url=%s&title=NCH Software
hXXp://VVV.linkedin.com/shareArticle?url=%s&title=NCH Software&mini=true
hXXp://VVV.linkedin.com/shareArticle?url=%s&title=NCH Software&mini=true
hXXp://VVV.nchsoftware.com/software/rateit.html?software=Scribe&appname=%s&version=5.69&rating=%d&upgradeoffer=scribe&os=Win&lang=en&base=scribe&domain=nch%s%s%s%s%s&instby=%s
hXXp://VVV.nchsoftware.com/software/rateit.html?software=Scribe&appname=%s&version=5.69&rating=%d&upgradeoffer=scribe&os=Win&lang=en&base=scribe&domain=nch%s%s%s%s%s&instby=%s
Certify this program is being used for non-commercial, home use only
Certify this program is being used for non-commercial, home use only
This version 5.69 of Express Scribe Transcription Software will only work on Windows 8 or earlier. A newer version is available for download on VVV.nchsoftware.com.
This version 5.69 of Express Scribe Transcription Software will only work on Windows 8 or earlier. A newer version is available for download on VVV.nchsoftware.com.
Software\NCH Software\%s
Software\NCH Software\%s
Software\NCH Swift Sound\%s
Software\NCH Swift Sound\%s
Quick Install-on-Demand %s
Quick Install-on-Demand %s
-extsuite %s
-extsuite %s
-extfind %s
-extfind %s
Software\Classes\.%s
Software\Classes\.%s
software\microsoft\windows\currentversion\explorer\fileexts\.%s\userchoice
software\microsoft\windows\currentversion\explorer\fileexts\.%s\userchoice
%s\shell\open
%s\shell\open
"%s" -extfind %s "%%L"
"%s" -extfind %s "%%L"
%SystemRoot%\system32\shell32.dll,19
%SystemRoot%\system32\shell32.dll,19
Software\Classes\%s\Shell\%s
Software\Classes\%s\Shell\%s
Software\Classes\%s\Shell
Software\Classes\%s\Shell
hXXp://VVV.nch.com.au/index.html
hXXp://VVV.nch.com.au/index.html
An install-on-demand component is required for this operation.
An install-on-demand component is required for this operation.
NCH Software\%s\%s.exe
NCH Software\%s\%s.exe
NCH Swift Sound\%s\%s.exe
NCH Swift Sound\%s\%s.exe
%s "%s"
%s "%s"
Software\Classes\%s\shell\open\command
Software\Classes\%s\shell\open\command
Software\Classes\%s\shell
Software\Classes\%s\shell
Software\Classes\%s\shell\open
Software\Classes\%s\shell\open
Software\Classes\%s\DefaultIcon
Software\Classes\%s\DefaultIcon
%s%s%s%s
%s%s%s%s
Report a Problem
Report a Problem
Click here if you would like to report a problem with Express Scribe Transcription Software.
Click here if you would like to report a problem with Express Scribe Transcription Software.
If you find any problems with this release please let us know by reporting them.
If you find any problems with this release please let us know by reporting them.
%s Home Page
%s Home Page
hXXp://VVV.nch.com.au/software/audio.html
hXXp://VVV.nch.com.au/software/audio.html
Distributed by %s
Distributed by %s
Licensed User: %s
Licensed User: %s
Item %d
Item %d
Col%d
Col%d
%d.%d.%d
%d.%d.%d
lAdd New Hot-Key
lAdd New Hot-Key
Click "Change..." to assign key
Click "Change..." to assign key
Hot-key Required
Hot-key Required
Please click here to assign the hot-key.
Please click here to assign the hot-key.
Key Already In Use
Key Already In Use
Sorry, the key you have chosen is already in use as a hot-key. Please choose another key.
Sorry, the key you have chosen is already in use as a hot-key. Please choose another key.
F12 is reserved for the operating system. Please choose another key.
F12 is reserved for the operating system. Please choose another key.
Alt F4 is already used by the operating system. Please choose another key.
Alt F4 is already used by the operating system. Please choose another key.
Command Already Assigned A Key
Command Already Assigned A Key
Sorry, the command you have chosen already has a hot-key associated with it. Please choose another command.
Sorry, the command you have chosen already has a hot-key associated with it. Please choose another command.
Delete Hot-Key(s)
Delete Hot-Key(s)
Delete the selected hot-key(s)?
Delete the selected hot-key(s)?
Set Default Hot-Keys
Set Default Hot-Keys
Reset all hot-keys to the default configuration?
Reset all hot-keys to the default configuration?
Channel-%u-
Channel-%u-
0:00:00.000
0:00:00.000
J.grf
J.grf
SMTP
SMTP
IPM.Note
IPM.Note
xMAPI32.DLL
xMAPI32.DLL
e.g., mail.myisp.net
e.g., mail.myisp.net
e.g., myemail@myco.com
e.g., myemail@myco.com
Your email software (e.g., Outlook, Eudora, etc.) has not been set up for MAPI. Refer to your email software Help to find out how to set it up for MAPI. Otherwise use the SMTP option.
Your email software (e.g., Outlook, Eudora, etc.) has not been set up for MAPI. Refer to your email software Help to find out how to set it up for MAPI. Otherwise use the SMTP option.
If you choose SMTP you must enter a valid reply-to address. Enter your email address.
If you choose SMTP you must enter a valid reply-to address. Enter your email address.
If you choose SMTP you must enter an SMTP mail host. Call your ISP if you don't know what your SMTP mail host is.
If you choose SMTP you must enter an SMTP mail host. Call your ISP if you don't know what your SMTP mail host is.
If your SMTP server requires authentication, you must enter a SMTP username to connect to your server.
If your SMTP server requires authentication, you must enter a SMTP username to connect to your server.
Password Required
Password Required
If your SMTP server requires authentication, you must enter a valid SMTP password to connect to your server.
If your SMTP server requires authentication, you must enter a valid SMTP password to connect to your server.
Unable to connect to mail server "%s" when sending an email to "%s".
Unable to connect to mail server "%s" when sending an email to "%s".
Unable to connect to either mail server "%s" or the mail server at "%s".
Unable to connect to either mail server "%s" or the mail server at "%s".
Unable to connect to mail server "%s".
Unable to connect to mail server "%s".
Mail host server error (HELO not accepted, error code 504) for destination email %s - usually this means the email address is not valid.
Mail host server error (HELO not accepted, error code 504) for destination email %s - usually this means the email address is not valid.
Mail host server error (HELO not accepted): %d emailto: %s
Mail host server error (HELO not accepted): %d emailto: %s
Email authentication username or password not accepted
Email authentication username or password not accepted
Scribe@%s
Scribe@%s
Error while trying to send email. Email address may be wrong or your SMTP server may require a username or password. Please check address again and see Email Settings.
Error while trying to send email. Email address may be wrong or your SMTP server may require a username or password. Please check address again and see Email Settings.
The recipient's email server does not allow email to be received in this manner. Please use an SMTP account for sending email to this address.
The recipient's email server does not allow email to be received in this manner. Please use an SMTP account for sending email to this address.
The recipient's email server rejected this email because of an unspecified reason. Try using an SMTP account for sending email to this address.
The recipient's email server rejected this email because of an unspecified reason. Try using an SMTP account for sending email to this address.
Mail host server error (data terminator not accepted) emailto: %s mailhost: %s error: %d
Mail host server error (data terminator not accepted) emailto: %s mailhost: %s error: %d
n%d.%d.%d.%d:%d
n%d.%d.%d.%d:%d
This FTP server does not support the required protected mode data transfers for SSL connections.
This FTP server does not support the required protected mode data transfers for SSL connections.
Deleting %s/%s/%s
Deleting %s/%s/%s
%s: %2.0f%%
%s: %2.0f%%
Testing FTP...
Testing FTP...
Unable to connect to server "%s".
Unable to connect to server "%s".
Server "%s" is OK.
Server "%s" is OK.
Unable to logon with username "%s" or entered password.
Unable to logon with username "%s" or entered password.
Unable to change to the directory "%s".
Unable to change to the directory "%s".
Current directory is: %s
Current directory is: %s
Passive Connection Failed!
Passive Connection Failed!
see VVV.nch.com.au/kb/10047.html
see VVV.nch.com.au/kb/10047.html
d_ftptest
d_ftptest
Passive mode
Passive mode
Changing directory to %s
Changing directory to %s
FTP Explorer
FTP Explorer
FTP Explorer - %s
FTP Explorer - %s
FTP Explorer - Change Directory
FTP Explorer - Change Directory
%d objects
%d objects
FTP Download
FTP Download
FTP Explorer - View File
FTP Explorer - View File
Check you have permission to download files with this FTP user account.
Check you have permission to download files with this FTP user account.
FTP Explorer - Confirm Delete
FTP Explorer - Confirm Delete
Deleting file: %s
Deleting file: %s
Unable to delete file "%s".
Unable to delete file "%s".
FTP Explorer - Delete File
FTP Explorer - Delete File
Deleting folder: %s
Deleting folder: %s
Unable to delete directory "%s".
Unable to delete directory "%s".
FTP Explorer - Delete Directory
FTP Explorer - Delete Directory
FTP Explorer - Open File
FTP Explorer - Open File
FTP Explorer - Create Directory
FTP Explorer - Create Directory
Directory already exists or you do not have permission to create directories with this FTP user account.
Directory already exists or you do not have permission to create directories with this FTP user account.
FTP Explorer - Rename File
FTP Explorer - Rename File
Check you have permission to rename files with this FTP user account.
Check you have permission to rename files with this FTP user account.
Date Modified: %s Size: %s
Date Modified: %s Size: %s
%d objects selected
%d objects selected
FTP Connect
FTP Connect
FtpExplorer
FtpExplorer
KFile does not exist: %s
KFile does not exist: %s
Not enough memory available to load %s
Not enough memory available to load %s
Cannot open xml file: %s
Cannot open xml file: %s
%s/microsoft/windows mail/local folders/%s
%s/microsoft/windows mail/local folders/%s
SMTP_Server
SMTP_Server
SMTP_Email_Address
SMTP_Email_Address
00000001
00000001
Software\Microsoft\Internet Account Manager\Accounts\%s
Software\Microsoft\Internet Account Manager\Accounts\%s
SMTP Email Address
SMTP Email Address
SMTP Server
SMTP Server
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\%s
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\%s
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
%s\%s\d
%s\%s\d
%s\Thunderbird
%s\Thunderbird
%s\profiles.ini
%s\profiles.ini
%s\%s\prefs.js
%s\%s\prefs.js
mail.accountmanager.defaultaccount
mail.accountmanager.defaultaccount
mail.account.%s.identities
mail.account.%s.identities
mail.identity.%s.useremail
mail.identity.%s.useremail
mail.smtp.defaultserver
mail.smtp.defaultserver
mail.smtpserver.%s.hostname
mail.smtpserver.%s.hostname
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Eudora.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Eudora.exe
deudora.ini
deudora.ini
eudora.ini
eudora.ini
%s\Qualcomm\Eudora\eudora.ini
%s\Qualcomm\Eudora\eudora.ini
SMTPServer
SMTPServer
Windows Mail
Windows Mail
Mozilla Thunderbird
Mozilla Thunderbird
%d.%d.%d.%d
%d.%d.%d.%d
127.0.0.1
127.0.0.1
libeay32.dll
libeay32.dll
ssleay32.dll
ssleay32.dll
Windows Media Audio V1
Windows Media Audio V1
Windows Media Audio V2
Windows Media Audio V2
ACELP.net
ACELP.net
Loading %s
Loading %s
Loading CD Track %d
Loading CD Track %d
Only supports conversion of CD tracks to mono or stereo.
Only supports conversion of CD tracks to mono or stereo.
"%s" "%s" "%s" -d
"%s" "%s" "%s" -d
"%s" -x "%s" "%s"
"%s" -x "%s" "%s"
"%s" -d -o "%s" -F "%s"
"%s" -d -o "%s" -F "%s"
"%s" -o "%s" "%s"
"%s" -o "%s" "%s"
"%s" -d -o "%s" "%s"
"%s" -d -o "%s" "%s"
Decoding %s file
Decoding %s file
Express Scribe Transcription Software could not locate a plugin for the file with extension "%s".
Express Scribe Transcription Software could not locate a plugin for the file with extension "%s".
You will need to download and install the plugin yourself from here: hXXp://VVV.nch.com.au/components/%s.exe.
You will need to download and install the plugin yourself from here: hXXp://VVV.nch.com.au/components/%s.exe.
Express Scribe Transcription Software could not locate a plugin for the file with extension "%s". No plugin appears to be available, therefore this format may be unsupported. Visit hXXp://VVV.nch.com.au/components/index.html to check if there is a plugin for this format.
Express Scribe Transcription Software could not locate a plugin for the file with extension "%s". No plugin appears to be available, therefore this format may be unsupported. Visit hXXp://VVV.nch.com.au/components/index.html to check if there is a plugin for this format.
*.aud
*.aud
*.grf
*.grf
Unsupported DCT file format version
Unsupported DCT file format version
Decryption key is incorrect
Decryption key is incorrect
Attempting to skip extensible data in an encrypted dictation without the correct decryption key
Attempting to skip extensible data in an encrypted dictation without the correct decryption key
Attachment%d%s
Attachment%d%s
Loading DCT File: %s
Loading DCT File: %s
Saving DCT File: %s
Saving DCT File: %s
Unable to load the installed %s decoder component.
Unable to load the installed %s decoder component.
Unable to initiate the installed %s decoder component.
Unable to initiate the installed %s decoder component.
%s decoding failed.
%s decoding failed.
Unable to open the %s file.
Unable to open the %s file.
The file is not a valid %s file.
The file is not a valid %s file.
Unrecognized %s format variant.
Unrecognized %s format variant.
%s file header removal failed.
%s file header removal failed.
s520.dll
s520.dll
Unable to load %s.
Unable to load %s.
Unable to load decoder from %s.
Unable to load decoder from %s.
Please check that the %s file is valid and complete.
Please check that the %s file is valid and complete.
a1600.dll
a1600.dll
a1800.dll
a1800.dll
a4800.dll
a4800.dll
Windows Record Mixer
Windows Record Mixer
%s/%d.aud
%s/%d.aud
%s%d.aud
%s%d.aud
Read %s of %s
Read %s of %s
%d:%.2d:%.2d
%d:%.2d:%.2d
.wavpcm
.wavpcm
.sndt
.sndt
.sndr
.sndr
.vorbis
.vorbis
.nist
.nist
.maud
.maud
.mat5
.mat5
.mat4
.mat4
.lpc10
.lpc10
.ircam
.ircam
.hcom
.hcom
.gsrt
.gsrt
.fssd
.fssd
.dvms
.dvms
.cvsd
.cvsd
.cdda
.cdda
.amr-wb
.amr-wb
.amr-nb
.amr-nb
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Recognizers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Recognizers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\RecoProfiles
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\RecoProfiles
VID_Cmd
VID_Cmd
langid=%d
langid=%d
type=%s
type=%s
High Pass
High Pass
Speex ACM Codec xiph.org
Speex ACM Codec xiph.org
(unverified) For the Record - hXXp://VVV.fortherecord.com
(unverified) For the Record - hXXp://VVV.fortherecord.com
Aureal Semiconductor RAW SPORT
Aureal Semiconductor RAW SPORT
Windows Media Audio Lossless V9
Windows Media Audio Lossless V9
Windows Media Audio Professional V9
Windows Media Audio Professional V9
Windows Media Audio V2 V7 V8 V9 / DivX audio (WMA) / Alex AC3 Audio
Windows Media Audio V2 V7 V8 V9 / DivX audio (WMA) / Alex AC3 Audio
Windows Media Audio V1 / DivX audio (WMA)
Windows Media Audio V1 / DivX audio (WMA)
Sipro Lab Telecom ACELP.KELVIN
Sipro Lab Telecom ACELP.KELVIN
Sipro Lab Telecom ACELP.net
Sipro Lab Telecom ACELP.net
Microsoft Windows Media, RT Voice
Microsoft Windows Media, RT Voice
Compaq Computer VSELP (codec for Windows CE 2.0 devices)
Compaq Computer VSELP (codec for Windows CE 2.0 devices)
wmvcore.dll
wmvcore.dll
C:\Windows\System32\pedaldrv.dll
C:\Windows\System32\pedaldrv.dll
Function not found in driver: %s
Function not found in driver: %s
{x-x-x-xx-xxxxxx}
{x-x-x-xx-xxxxxx}
{00000000-0000-0000-0000-000000000000}
{00000000-0000-0000-0000-000000000000}
{555504B4-0000-0000-0000-504944564944}
{555504B4-0000-0000-0000-504944564944}
{18440911-0000-0000-0000-504944564944}
{18440911-0000-0000-0000-504944564944}
NPort
NPort
Port open failed
Port open failed
0xX
0xX
Switch: %s
Switch: %s
NCouldn't read input report
NCouldn't read input report
Invalid input report length
Invalid input report length
Foot pedal status: %s
Foot pedal status: %s
Windows %d.%d
Windows %d.%d
%s can be controlled by a foot pedal controller. If you have purchased a controller, please connect it now and click on "Controller setup wizard"
%s can be controlled by a foot pedal controller. If you have purchased a controller, please connect it now and click on "Controller setup wizard"
hXXps://secure.nch.com.au/cgi-bin/register.exe?software=%s
hXXps://secure.nch.com.au/cgi-bin/register.exe?software=%s
Purchase %s for compatibility with more pedals
Purchase %s for compatibility with more pedals
hXXp://VVV.nch.com.au/hardware/pedals.html
hXXp://VVV.nch.com.au/hardware/pedals.html
e.g.pedaldrv.dll
e.g.pedaldrv.dll
Plug and play controller diagnostics for %s
Plug and play controller diagnostics for %s
v %s (%s):
v %s (%s):
Vendor ID: %s
Vendor ID: %s
Product ID: %s
Product ID: %s
Revision: %s
Revision: %s
Product string: %s
Product string: %s
Path: %s
Path: %s
Usage page: %u
Usage page: %u
Model data: %s
Model data: %s
Key: N/A
Key: N/A
Key: %s
Key: %s
Company: %s
Company: %s
Model: %s
Model: %s
Allowed: %s
Allowed: %s
Product name: %s
Product name: %s
N\\.\%s
N\\.\%s
Nhid.dll
Nhid.dll
cfgmgr32.dll
cfgmgr32.dll
setupapi.dll
setupapi.dll
%sname
%sname
%ssize
%ssize
%smd5hash
%smd5hash
Express Delegate [%s]
Express Delegate [%s]
password
password
DelegateServerPort
DelegateServerPort
DelegateLoginEmail
DelegateLoginEmail
DelegateLoginPassword
DelegateLoginPassword
Password:
Password:
Auto-import source
Auto-import source
AutoImport
AutoImport
FTP Connection Test
FTP Connection Test
Download from an FTP server
Download from an FTP server
Invalid port
Invalid port
hXXp://VVV.nch.com.au/delegate/index.html
hXXp://VVV.nch.com.au/delegate/index.html
e.g., delegate.company.com
e.g., delegate.company.com
Port:
Port:
e.g., name@company.com
e.g., name@company.com
%s v %d.d
%s v %d.d
Server name: %s
Server name: %s
Server description: %s
Server description: %s
Server application: %s
Server application: %s
Server SDK: v %d
Server SDK: v %d
Database ID: %s
Database ID: %s
FTP options
FTP options
e.g., PTF.company.com
e.g., PTF.company.com
Secure connection (FTPES)
Secure connection (FTPES)
Warning: Dictations will be automatically deleted from the FTP server once they are loaded.
Warning: Dictations will be automatically deleted from the FTP server once they are loaded.
Windows Media Video 9
Windows Media Video 9
Windows Media Video 8
Windows Media Video 8
Windows Media Video 7
Windows Media Video 7
32 bit support
32 bit support
WebCam JPEG
WebCam JPEG
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\i420
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\i420
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\iyuv
@device:cm:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\iyuv
@device:sw:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\ffdshow video encoder
@device:sw:{33D9A760-90C8-11D0-BD43-00A0C911CE86}\ffdshow video encoder
hXXp://ffmpeg.org
hXXp://ffmpeg.org
avutil-52.nch.dll
avutil-52.nch.dll
swscale-2.nch.dll
swscale-2.nch.dll
avcodec-55.nch.dll
avcodec-55.nch.dll
avformat-55.nch.dll
avformat-55.nch.dll
swresample-0.nch.dll
swresample-0.nch.dll
S.wpp
S.wpp
.clpi
.clpi
"%s" - -
"%s" - -
"%s" -s %d -d -w -
"%s" -s %d -d -w -
FAAD2 AAC/HE-AAC/HE-AACv2/DRM decoder (c) Nero AG, VVV.nero.com
FAAD2 AAC/HE-AAC/HE-AACv2/DRM decoder (c) Nero AG, VVV.nero.com
"%s" -o raw
"%s" -o raw
Copyright (C) 2000-2002 Michel Lespinasse
Copyright (C) 2000-2002 Michel Lespinasse
Copyright (C) 1999-2000 Aaron Holtzman
Copyright (C) 1999-2000 Aaron Holtzman
License terms for this component can be found at: hXXp://VVV.opensource.org/licenses/lgpl-license.php
License terms for this component can be found at: hXXp://VVV.opensource.org/licenses/lgpl-license.php
"%s" %s - -
"%s" %s - -
"%s" -C %d -R %d -b %d
"%s" -C %d -R %d -b %d
"%s" -r
"%s" -r
-b %d --cbr --nores --nchvideo - -
-b %d --cbr --nores --nchvideo - -
%s 00:00:00
%s 00:00:00
%s %.2d:%.2d:%.2d
%s %.2d:%.2d:%.2d
%s %d
%s %d
Fddraw.dll
Fddraw.dll
Portable Anymap
Portable Anymap
Portable Network Graphics
Portable Network Graphics
Joint Photographic Experts Group
Joint Photographic Experts Group
.wbmp
.wbmp
.tiff
.tiff
.jpeg
.jpeg
Certain parts of this software fall under the Little CMS License:
Certain parts of this software fall under the Little CMS License:
Portions of this software are Copyright (c) 1998-2011 Marti Maria Saguer.
Portions of this software are Copyright (c) 1998-2011 Marti Maria Saguer.
Certain parts of this software fall under the LibJPEG License:
Certain parts of this software fall under the LibJPEG License:
Encoding %s image
Encoding %s image
%Program Files% (x86)\NCH Software\Scribe
%Program Files% (x86)\NCH Software\Scribe
C:\Users\"%CurrentUserName%"\AppData\Roaming\NCH Software\Scribe
C:\Users\"%CurrentUserName%"\AppData\Roaming\NCH Software\Scribe
C:\Users\"%CurrentUserName%"\AppData\Roaming\NCH Software\Scribe\Current
C:\Users\"%CurrentUserName%"\AppData\Roaming\NCH Software\Scribe\Current
C:\Users\"%CurrentUserName%"\AppData\Roaming\NCH Software\Scribe\Done
C:\Users\"%CurrentUserName%"\AppData\Roaming\NCH Software\Scribe\Done
C:\Users\"%CurrentUserName%"\AppData\Roaming\NCH Software\Scribe\Status
C:\Users\"%CurrentUserName%"\AppData\Roaming\NCH Software\Scribe\Status
C:\Users\"%CurrentUserName%"\AppData\Roaming\NCH Software\Scribe\Logs
C:\Users\"%CurrentUserName%"\AppData\Roaming\NCH Software\Scribe\Logs
Use SMTP to send email directly to the mail server
Use SMTP to send email directly to the mail server
SMTP mail host:
SMTP mail host:
Send directly to other side (work as own SMTP server)
Send directly to other side (work as own SMTP server)
A full list of our products can be found at our below website. This may help you to find another product that is more suitable for your needs.
A full list of our products can be found at our below website. This may help you to find another product that is more suitable for your needs.
Constrain Proportions
Constrain Proportions
Change Key
Change Key
&ID - Key:
&ID - Key:
Change Hot-Key Command
Change Hot-Key Command
Hot-Key
Hot-Key
Press Key
Press Key
Press a key or a key combination.
Press a key or a key combination.
FTP Connection Test Results
FTP Connection Test Results
WebM Encoding Settings
WebM Encoding Settings
Two Pass Encoding
Two Pass Encoding
Windows Media Encoding Settings
Windows Media Encoding Settings
User Encryption Key
User Encryption Key
User encryption key
User encryption key
Set key:
Set key:
Set key
Set key
Upload to server (FTP)
Upload to server (FTP)
Use secure FTP connection (SSL/TLS)
Use secure FTP connection (SSL/TLS)
(if a key is available for the original sender)
(if a key is available for the original sender)
Hot-Keys
Hot-Keys
Key assignment
Key assignment
Express Scribe can automatically download recordings on demand from a folder on your computer network (LAN) or an email attachments folder or via the Internet (using an FTP Server).
Express Scribe can automatically download recordings on demand from a folder on your computer network (LAN) or an email attachments folder or via the Internet (using an FTP Server).
Set user's decryption key (to accept encrypted files)...
Set user's decryption key (to accept encrypted files)...