PCbanter

PCbanter (http://www.pcbanter.net/index.php)
-   General XP issues or comments (http://www.pcbanter.net/forumdisplay.php?f=18)
-   -   Need default (install-time) App Paths in registry (http://www.pcbanter.net/showthread.php?t=1095203)

VanguardLH[_2_] March 19th 16 03:25 AM
Need default (install-time) App Paths in registry
 
My aunt got nailed with viruses of which one effect was to wipe entries
under the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths

The old way was to add paths to the System (global to all users) and
User (for just the currently logged on account) PATH environment
variables which got merged during logon. You would see its value by
entering "echo %path%" or "set" (no parameters) at a command line in a
console window. When running an executable, first the current folder
(working directory) was checked and, if not found, the PATH was used to
see if the executable was in one of those paths. However, the registry
also gets used to identify paths to executables.

A subkey under the above one gets named the same as the exectuable's
filename. A data item named "Path" is added under each key whose value
is the full (absolute) path to the executable file. For example, you
will find subkeys named msconfig.exe and helpctr.exe under the parent
key which are used to locate those executables. If those subkeys are
missing, trying to run msconfig results in "file not found".

Well, the viruses left behind some nasty changes in the registry that I
have to work through, one of which is all subkeys were deleted under the
App Paths key. For someone using Windows XP, could you please run
regedit.exe, navigate the App Paths key, and export it to a .reg file.
Then edit it to Ctrl+A and Ctrl+C its content and paste its content in
your reply here.

Paul March 19th 16 04:39 AM
Need default (install-time) App Paths in registry
 
VanguardLH wrote:
My aunt got nailed with viruses of which one effect was to wipe entries
under the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths

The old way was to add paths to the System (global to all users) and
User (for just the currently logged on account) PATH environment
variables which got merged during logon. You would see its value by
entering "echo %path%" or "set" (no parameters) at a command line in a
console window. When running an executable, first the current folder
(working directory) was checked and, if not found, the PATH was used to
see if the executable was in one of those paths. However, the registry
also gets used to identify paths to executables.

A subkey under the above one gets named the same as the exectuable's
filename. A data item named "Path" is added under each key whose value
is the full (absolute) path to the executable file. For example, you
will find subkeys named msconfig.exe and helpctr.exe under the parent
key which are used to locate those executables. If those subkeys are
missing, trying to run msconfig results in "file not found".

Well, the viruses left behind some nasty changes in the registry that I
have to work through, one of which is all subkeys were deleted under the
App Paths key. For someone using Windows XP, could you please run
regedit.exe, navigate the App Paths key, and export it to a .reg file.
Then edit it to Ctrl+A and Ctrl+C its content and paste its content in
your reply here.

I left a Firefox in, for nostalgia reasons...

Most of the other cruft has been removed.

I have no idea what the "MSN Gaming Zone" is.

*******

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\bckgzm.exe]
@="C:\\Program Files\\MSN Gaming Zone\\Windows\\bckgzm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\chkrzm.exe]
@="C:\\Program Files\\MSN Gaming Zone\\Windows\\chkrzm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\CONF.EXE]
@="C:\\Program Files\\NetMeeting\\conf.exe"
"Path"="C:\\Program Files\\NetMeeting;"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\dialer.exe]
@="C:\\Program Files\\Windows NT\\dialer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\firefox.exe]
@="C:\\Program Files\\Mozilla Firefox\\firefox.exe"
"Path"="C:\\Program Files\\Mozilla Firefox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\HELPCTR.EXE]
@="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpC tr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\hrtzzm.exe]
@="C:\\Program Files\\MSN Gaming Zone\\Windows\\hrtzzm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\hypertrm.exe]
@="\"C:\\Program Files\\Windows NT\\hypertrm.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\ICWCONN1.EXE]
@="\"C:\\Program Files\\Internet Explorer\\Connection Wizard\\ICWCONN1.EXE\""
"Path"="C:\\Program Files\\Internet Explorer\\Connection Wizard;"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\ICWCONN2.EXE]
@="\"C:\\Program Files\\Internet Explorer\\Connection Wizard\\ICWCONN2.EXE\""
"Path"="C:\\Program Files\\Internet Explorer\\Connection Wizard;"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\IEXPLORE.EXE]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"
"Path"="C:\\Program Files\\Internet Explorer;"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\INETWIZ.EXE]
@="\"C:\\Program Files\\Internet Explorer\\Connection Wizard\\INETWIZ.EXE\""
"Path"="C:\\Program Files\\Internet Explorer\\Connection Wizard;"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\install.exe]
"RunAsOnNonAdminInstall"=dword:00000001
"BlockOnTSNonInstallMode"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\ISIGNUP.EXE]
@="\"C:\\Program Files\\Internet Explorer\\Connection Wizard\\ISIGNUP.EXE\""
"Path"="C:\\Program Files\\Internet Explorer\\Connection Wizard;"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\migwiz.exe]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00 ,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00 ,32,00,5c,00,75,00,73,00,\
6d,00,74,00,5c,00,6d,00,69,00,67,00,77,00,69,00,7a ,00,2e,00,65,00,78,00,65,\
00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\moviemk.exe]
@="C:\\Program Files\\Movie Maker\\moviemk.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\mplayer2.exe]
@="\"C:\\Program Files\\Windows Media Player\\mplayer2.exe\""
"Path"="\"C:\\Program Files\\Windows Media Player\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\MSCONFIG.EXE]
@="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSCon fig.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\msimn.exe]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00 ,6d,00,46,00,69,00,6c,00,65,\
00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00 ,6f,00,6b,00,20,00,45,00,\
78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73 ,00,69,00,6d,00,6e,00,2e,\
00,65,00,78,00,65,00,00,00
"Path"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00, 61,00,6d,00,46,00,69,00,6c,\
00,65,00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00 ,6f,00,6f,00,6b,00,20,00,\
45,00,78,00,70,00,72,00,65,00,73,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\msinfo32.exe]
@="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\MSInfo32.exe"
"Path"="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\MSMSGS.EXE]
@="C:\\Program Files\\Messenger\\msmsgs.exe"
"Path"="C:\\Program Files\\Messenger;"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\MsoHtmEd.exe]
"useURL"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\pbrush.exe]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00 ,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00 ,32,00,5c,00,6d,00,73,00,\
70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65 ,00,00,00
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00, 6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00 ,33,00,32,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\pinball.exe]
@="C:\\Program Files\\Windows NT\\Pinball\\pinball.exe"
"Path"="C:\\Program Files\\Windows NT\\Pinball"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\rvsezm.exe]
@="C:\\Program Files\\MSN Gaming Zone\\Windows\\rvsezm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\setup.exe]
"RunAsOnNonAdminInstall"=dword:00000001
"BlockOnTSNonInstallMode"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\shvlzm.exe]
@="C:\\Program Files\\MSN Gaming Zone\\Windows\\shvlzm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\table30.exe]
"UseShortName"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\wab.exe]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00 ,6d,00,46,00,69,00,6c,00,65,\
00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00 ,6f,00,6b,00,20,00,45,00,\
78,00,70,00,72,00,65,00,73,00,73,00,5c,00,77,00,61 ,00,62,00,2e,00,65,00,78,\
00,65,00,00,00
"Path"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00, 61,00,6d,00,46,00,69,00,6c,\
00,65,00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00 ,6f,00,6f,00,6b,00,20,00,\
45,00,78,00,70,00,72,00,65,00,73,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\wabmig.exe]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00 ,6d,00,46,00,69,00,6c,00,65,\
00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00 ,6f,00,6b,00,20,00,45,00,\
78,00,70,00,72,00,65,00,73,00,73,00,5c,00,77,00,61 ,00,62,00,6d,00,69,00,67,\
00,2e,00,65,00,78,00,65,00,00,00
"Path"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00, 61,00,6d,00,46,00,69,00,6c,\
00,65,00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00 ,6f,00,6f,00,6b,00,20,00,\
45,00,78,00,70,00,72,00,65,00,73,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\winnt32.exe]
"RunAsOnNonAdminInstall"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\wmenc.exe]
"Path"="C:\\Program Files\\Windows Media Components\\Encoder\\"
@="C:\\Program Files\\Windows Media Components\\Encoder\\WMEnc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\wmplayer.exe]
@="C:\\Program Files\\Windows Media Player\\wmplayer.exe"
"Path"="C:\\Program Files\\Windows Media Player"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\WORDPAD.EXE]
@=hex(2):22,00,25,00,50,00,72,00,6f,00,67,00,72,00 ,61,00,6d,00,46,00,69,00,6c,\
00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00 ,6f,00,77,00,73,00,20,00,\
4e,00,54,00,5c,00,41,00,63,00,63,00,65,00,73,00,73 ,00,6f,00,72,00,69,00,65,\
00,73,00,5c,00,57,00,4f,00,52,00,44,00,50,00,41,00 ,44,00,2e,00,45,00,58,00,\
45,00,22,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\WRITE.EXE]
@=hex(2):22,00,25,00,50,00,72,00,6f,00,67,00,72,00 ,61,00,6d,00,46,00,69,00,6c,\
00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00 ,6f,00,77,00,73,00,20,00,\
4e,00,54,00,5c,00,41,00,63,00,63,00,65,00,73,00,73 ,00,6f,00,72,00,69,00,65,\
00,73,00,5c,00,57,00,4f,00,52,00,44,00,50,00,41,00 ,44,00,2e,00,45,00,58,00,\
45,00,22,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\XPSViewer.exe]
@="\"C:\\WINDOWS\\system32\\XPSViewer\\XPSViewer.e xe\""

*******

Paul

Paul in Houston TX[_2_] March 19th 16 05:04 AM
Need default (install-time) App Paths in registry
 
VanguardLH wrote:
My aunt got nailed with viruses of which one effect was to wipe entries
under the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths


Here's the one from my xp backup/storage machine:


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\bckgzm.exe]
@="C:\\Program Files\\MSN Gaming Zone\\Windows\\bckgzm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\ccleaner.exe]
@="C:\\Program Files\\CCleaner\\CCleaner.exe"
"Path"="C:\\Program Files\\CCleaner"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\chkrzm.exe]
@="C:\\Program Files\\MSN Gaming Zone\\Windows\\chkrzm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\CONF.EXE]
@="C:\\Program Files\\NetMeeting\\conf.exe"
"Path"="C:\\Program Files\\NetMeeting;"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\dialer.exe]
@="C:\\Program Files\\Windows NT\\dialer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\excel.exe]
"Path"="C:\\Program Files\\Microsoft Office\\OFFICE11\\"
@="C:\\PROGRA~1\\MICROS~2\\OFFICE11\\EXCEL.EXE"
"SaveURL"="1"
"useURL"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\gimp-2.6.exe]
@="C:\\Program Files\\GIMP-2.0\\bin\\gimp-2.6.exe"
"Path"="C:\\Program Files\\GIMP-2.0\\bin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\HELPCTR.EXE]
@="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpC tr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\HijackThis.exe]
@="C:\\Original\\hijackthis.exe"
"Path"="C:\\Original"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\hrtzzm.exe]
@="C:\\Program Files\\MSN Gaming Zone\\Windows\\hrtzzm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\hypertrm.exe]
@="\"C:\\Program Files\\Windows NT\\hypertrm.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\i-Speeder.exe]
"Path"="C:\\Program Files\\MSI\\i-Speeder"
@="C:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\ICWCONN1.EXE]
@="\"C:\\Program Files\\Internet Explorer\\Connection Wizard\\ICWCONN1.EXE\""
"Path"="C:\\Program Files\\Internet Explorer\\Connection Wizard;"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\ICWCONN2.EXE]
@="\"C:\\Program Files\\Internet Explorer\\Connection Wizard\\ICWCONN2.EXE\""
"Path"="C:\\Program Files\\Internet Explorer\\Connection Wizard;"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\IEXPLORE.EXE]
@="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"
"Path"="C:\\Program Files\\Internet Explorer;"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\INETWIZ.EXE]
@="\"C:\\Program Files\\Internet Explorer\\Connection Wizard\\INETWIZ.EXE\""
"Path"="C:\\Program Files\\Internet Explorer\\Connection Wizard;"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\install.exe]
"RunAsOnNonAdminInstall"=dword:00000001
"BlockOnTSNonInstallMode"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\ISIGNUP.EXE]
@="\"C:\\Program Files\\Internet Explorer\\Connection Wizard\\ISIGNUP.EXE\""
"Path"="C:\\Program Files\\Internet Explorer\\Connection Wizard;"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\jetsuite.exe]
"(Default)"="c:\\jetsuite\\jetsuite.exe"
"Path"="c:\\jetsuite"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\mbam.exe]
@="C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"
"Path"="C:\\Program Files\\Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\migwiz.exe]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00 ,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00 ,32,00,5c,00,75,00,73,00,\
6d,00,74,00,5c,00,6d,00,69,00,67,00,77,00,69,00,7a ,00,2e,00,65,00,78,00,65,\
00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\moviemk.exe]
@="C:\\Program Files\\Movie Maker\\moviemk.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\mplayer2.exe]
@="\"C:\\Program Files\\Windows Media Player\\mplayer2.exe\""
"Path"="\"C:\\Program Files\\Windows Media Player\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\MSACCESS.EXE]
"useURL"="1"
"Path"="C:\\Program Files\\Microsoft Office\\OFFICE11\\"
@="C:\\PROGRA~1\\MICROS~2\\OFFICE11\\MSACCESS.EX E"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\MSCONFIG.EXE]
@="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSCon fig.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\msimn.exe]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00 ,6d,00,46,00,69,00,6c,00,65,\
00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00 ,6f,00,6b,00,20,00,45,00,\
78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73 ,00,69,00,6d,00,6e,00,2e,\
00,65,00,78,00,65,00,00,00
"Path"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00, 61,00,6d,00,46,00,69,00,6c,\
00,65,00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00 ,6f,00,6f,00,6b,00,20,00,\
45,00,78,00,70,00,72,00,65,00,73,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\msinfo32.exe]
@="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\MSInfo32.exe"
"Path"="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\MSMSGS.EXE]
@="C:\\Program Files\\Messenger\\msmsgs.exe"
"Path"="C:\\Program Files\\Messenger;"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\MsoHtmEd.exe]
"useURL"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\msoxmled.exe]
"useURL"="1"
@="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE11\\MSOXMLED.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\nero.exe]
@="C:\\Program Files\\ahead\\Nero\\nero.exe"
"Path"="C:\\Program Files\\ahead\\Nero\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\pbrush.exe]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00 ,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00 ,32,00,5c,00,6d,00,73,00,\
70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65 ,00,00,00
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00, 6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00 ,33,00,32,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\pinball.exe]
@="C:\\Program Files\\Windows NT\\Pinball\\pinball.exe"
"Path"="C:\\Program Files\\Windows NT\\Pinball"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\powerpnt.exe]
"Path"="C:\\Program Files\\Microsoft Office\\OFFICE11\\"
@="C:\\PROGRA~1\\MICROS~2\\OFFICE11\\POWERPNT.EX E"
"SaveURL"="1"
"useURL"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\RegCure.exe]
@="C:\\Program Files\\RegCure\\RegCure.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\rvsezm.exe]
@="C:\\Program Files\\MSN Gaming Zone\\Windows\\rvsezm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\SeaMonkey.exe]
@="C:\\Program Files\\mozilla.org\\SeaMonkey\\SeaMonkey.exe"
"Path"="C:\\Program Files\\mozilla.org\\SeaMonkey\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\setup.exe]
"RunAsOnNonAdminInstall"=dword:00000001
"BlockOnTSNonInstallMode"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\shvlzm.exe]
@="C:\\Program Files\\MSN Gaming Zone\\Windows\\shvlzm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\table30.exe]
"UseShortName"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\wab.exe]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00 ,6d,00,46,00,69,00,6c,00,65,\
00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00 ,6f,00,6b,00,20,00,45,00,\
78,00,70,00,72,00,65,00,73,00,73,00,5c,00,77,00,61 ,00,62,00,2e,00,65,00,78,\
00,65,00,00,00
"Path"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00, 61,00,6d,00,46,00,69,00,6c,\
00,65,00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00 ,6f,00,6f,00,6b,00,20,00,\
45,00,78,00,70,00,72,00,65,00,73,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\wabmig.exe]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00 ,6d,00,46,00,69,00,6c,00,65,\
00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00 ,6f,00,6b,00,20,00,45,00,\
78,00,70,00,72,00,65,00,73,00,73,00,5c,00,77,00,61 ,00,62,00,6d,00,69,00,67,\
00,2e,00,65,00,78,00,65,00,00,00
"Path"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00, 61,00,6d,00,46,00,69,00,6c,\
00,65,00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00 ,6f,00,6f,00,6b,00,20,00,\
45,00,78,00,70,00,72,00,65,00,73,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\winnt32.exe]
"RunAsOnNonAdminInstall"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\WinRAR.exe]
@="C:\\Program Files\\WinRAR\\WinRAR.exe"
"Path"="C:\\Program Files\\WinRAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\Winword.exe]
"useURL"="1"
"Path"="C:\\Program Files\\Microsoft Office\\OFFICE11\\"
@="C:\\PROGRA~1\\MICROS~2\\OFFICE11\\WINWORD.EXE "
"SaveURL"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\wmplayer.exe]
@="C:\\Program Files\\Windows Media Player\\wmplayer.exe"
"Path"="C:\\Program Files\\Windows Media Player"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\WORDPAD.EXE]
@=hex(2):22,00,25,00,50,00,72,00,6f,00,67,00,72,00 ,61,00,6d,00,46,00,69,00,6c,\
00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00 ,6f,00,77,00,73,00,20,00,\
4e,00,54,00,5c,00,41,00,63,00,63,00,65,00,73,00,73 ,00,6f,00,72,00,69,00,65,\
00,73,00,5c,00,57,00,4f,00,52,00,44,00,50,00,41,00 ,44,00,2e,00,45,00,58,00,\
45,00,22,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths\WRITE.EXE]
@=hex(2):22,00,25,00,50,00,72,00,6f,00,67,00,72,00 ,61,00,6d,00,46,00,69,00,6c,\
00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00 ,6f,00,77,00,73,00,20,00,\
4e,00,54,00,5c,00,41,00,63,00,63,00,65,00,73,00,73 ,00,6f,00,72,00,69,00,65,\
00,73,00,5c,00,57,00,4f,00,52,00,44,00,50,00,41,00 ,44,00,2e,00,45,00,58,00,\
45,00,22,00,00,00

VanguardLH[_2_] March 19th 16 05:11 AM
Need default (install-time) App Paths in registry
 
VanguardLH wrote:

My aunt got nailed with viruses of which one effect was to wipe entries
under the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\App Paths

The old way was to add paths to the System (global to all users) and
User (for just the currently logged on account) PATH environment
variables which got merged during logon. You would see its value by
entering "echo %path%" or "set" (no parameters) at a command line in a
console window. When running an executable, first the current folder
(working directory) was checked and, if not found, the PATH was used to
see if the executable was in one of those paths. However, the registry
also gets used to identify paths to executables.

A subkey under the above one gets named the same as the exectuable's
filename. A data item named "Path" is added under each key whose value
is the full (absolute) path to the executable file. For example, you
will find subkeys named msconfig.exe and helpctr.exe under the parent
key which are used to locate those executables. If those subkeys are
missing, trying to run msconfig results in "file not found".

Well, the viruses left behind some nasty changes in the registry that I
have to work through, one of which is all subkeys were deleted under the
App Paths key. For someone using Windows XP, could you please run
regedit.exe, navigate the App Paths key, and export it to a .reg file.
Then edit it to Ctrl+A and Ctrl+C its content and paste its content in
your reply here.

Thanks to both Pauls. I will save those into .reg files, compare them
to see what differences there are, and maybe delete some that don't
apply in my aunt's setup. This will help with programs that I often
enter using Win+R (run) that cannot be found.

Alas, just reinstating the App Paths lists to the executables doesn't
fix all those programs. I already added the HELPCTR.EXE subkey and
specified its path and the links inside the first screen will work but
its search fails (never finds anything). Worked before the viruses were
removed so they must've chained into some registry settings and when
removed then the chain was broken. So I might still end up having to do
a Windows repair using the install CD.


All times are GMT +1. The time now is 10:02 PM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright © 2004 - 2006 PCbanter
Comments are property of their posters