by Fogart » April 5th, 2009, 5:47 pm
Hi davis:
I hope you're having a good weekend! Okay, so here is my Dr.Web results:
psexec.cfexe;C:\32788R22FWJFW;Program.PsExec.171;Moved.;
Combo-Fix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Compaq_Owner\Desktop\Combo-Fix.exe/data002;Program.PsExec.171;;
data002;C:\Documents and Settings\Compaq_Owner\Desktop;Archive contains infected objects;;
Combo-Fix.exe;C:\Documents and Settings\Compaq_Owner\Desktop;Container contains infected objects;Moved.;
HPSummer2005.exe/data017\data001;C:\hp\bin\wbug\HPSummer2005.exe/data017;Adware.MyWay;;
data017;C:\hp\bin\wbug;Container contains infected objects;;
HPSummer2005.exe;C:\hp\bin\wbug;Archive contains infected objects;Moved.;
aolcinst.exe\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\AOL\United States\AOL90\comps\coach\aolcinst.exe;Adware.Gdown;;
aolcinst.exe;C:\Program Files\Online Services\AOL\United States\AOL90\comps\coach;Archive contains infected objects;Moved.;
HPSummer2005.exe/data017\data001;D:\I386\Apps\APP20155\src\HPSummer2005.exe/data017;Adware.MyWay;;
data017;D:\I386\Apps\APP20155\src;Container contains infected objects;;
HPSummer2005.exe;D:\I386\Apps\APP20155\src;Archive contains infected objects;Moved.;
Here are the two RegQuery results you had me run:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"VIDC.I420"="msh263.drv"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"wavemapper"="msacm32.drv"
"msacm.msg723"="msg723.acm"
"vidc.M263"="msh263.drv"
"vidc.M261"="msh261.drv"
"msacm.msaudio1"="msaud32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.iac2"="C:\\WINDOWS\\system32\\iac25_32.ax"
"vidc.iv50"="ir50_32.dll"
"msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm"
"wave1"="serwvdrv.dll"
"wave2"="serwvdrv.dll"
"VIDC.MJPG"="Pvmjpg21.dll"
"VIDC.PIM1"="pclepim1.dll"
"MSVideo8"="VfWWDM32.dll"
"wave3"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"wave4"="wdmaud.drv"
"mixer2"="wdmaud.drv"
"VIDC.WMV3"="wmv9vcm.dll"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"aux"="C:\\WINDOWS\\system32\\..\\wxjnbw.qcj"
"vidc.yv12"="DivX.dll"
"vidc.DIVX"="DivX.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP]
"wave"="rdpsnd.dll"
"mixer"="rdpsnd.dll"
"MaxBandwidth"=dword:000056b9
"wavemapper"="msacm32.drv"
"EnableMP3Codec"=dword:00000001
"midimapper"="midimap.dll"
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,90,04,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,00,00,07,00,0b,00,00,00,00,\
00,07,00,0b,00,00,00,3f,00,00,00,02,00,00,00,04,00,01,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,44,00,00,00,01,00,56,00,61,00,72,00,46,00,69,\
00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,00,00,24,00,04,00,00,00,54,00,\
72,00,61,00,6e,00,73,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00,09,\
04,e4,04,f0,03,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,\
6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,cc,03,00,00,01,00,30,00,34,00,30,\
00,39,00,30,00,34,00,45,00,34,00,00,00,4a,00,19,00,01,00,43,00,6f,00,6d,00,\
6d,00,65,00,6e,00,74,00,73,00,00,00,43,00,72,00,79,00,73,00,74,00,61,00,6c,\
00,20,00,53,00,51,00,4c,00,20,00,44,00,65,00,73,00,69,00,67,00,6e,00,65,00,\
72,00,20,00,37,00,2e,00,30,00,00,00,00,00,88,00,34,00,01,00,43,00,6f,00,6d,\
00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,53,00,65,00,\
61,00,67,00,61,00,74,00,65,00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,\
00,65,00,20,00,49,00,6e,00,66,00,6f,00,72,00,6d,00,61,00,74,00,69,00,6f,00,\
6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,20,\
00,47,00,72,00,6f,00,75,00,70,00,2c,00,20,00,49,00,6e,00,63,00,2e,00,00,00,\
ae,00,45,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,\
00,69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,\
68,00,74,00,20,00,28,00,63,00,29,00,20,00,31,00,39,00,39,00,31,00,2d,00,31,\
00,39,00,39,00,10,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE]
"DisableHeapLookAside"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe]
"ApplicationGoo"=hex:54,09,00,00,54,02,00,00,00,02,00,00,8c,03,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,02,00,a8,11,2e,04,00,00,02,\
00,a8,11,2e,04,00,00,3f,00,00,00,20,00,00,00,04,00,00,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,ec,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,c8,02,00,00,\
01,00,30,00,30,00,30,00,30,00,30,00,34,00,62,00,30,00,00,00,38,00,10,00,01,\
00,43,00,6f,00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4f,00,72,00,69,00,\
67,00,6e,00,61,00,6c,00,20,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,\
00,42,00,11,00,01,00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,\
6d,00,65,00,00,00,00,00,53,00,41,00,50,00,20,00,41,00,47,00,2c,00,20,00,57,\
00,61,00,6c,00,6c,00,64,00,6f,00,72,00,66,00,00,00,00,00,5a,00,19,00,01,00,\
46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,\
00,6f,00,6e,00,00,00,00,00,53,00,41,00,50,00,20,00,46,00,72,00,6f,00,6e,00,\
74,00,65,00,6e,00,64,00,20,00,66,00,6f,00,72,00,20,00,57,00,69,00,6e,00,64,\
00,6f,00,77,00,73,00,00,00,00,00,3c,00,0e,00,01,00,46,00,69,00,6c,00,65,00,\
56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,34,00,35,00,32,00,30,\
00,2e,00,32,00,2e,00,30,00,2e,00,31,00,30,00,37,00,30,00,00,00,32,00,09,00,\
01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,\
00,00,00,46,00,45,00,57,00,46,00,52,00,4f,00,4e,00,54,00,00,00,00,00,7a,00,\
2b,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,\
00,67,00,68,00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,\
04,00,00,00,00,00,00,00,65,05,00,00,02,00,00,00,03,00,00,00,00,00,01,00,53,\
00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,\
33,00,00,00,23,00,54,02,00,00,00,02,00,00,8c,03,34,00,00,00,56,00,53,00,5f,\
00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,\
00,00,00,00,bd,04,ef,fe,00,00,01,00,03,00,9e,11,26,04,00,00,03,00,9e,11,26,\
04,00,00,3f,00,00,00,20,00,00,00,04,00,00,00,01,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,ec,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,\
00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,c8,02,00,00,01,00,30,00,\
30,00,30,00,30,00,30,00,34,00,62,00,30,00,00,00,38,00,10,00,01,00,43,00,6f,\
00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4f,00,72,00,69,00,67,00,6e,00,\
61,00,6c,00,20,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,42,00,11,\
00,01,00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,\
00,00,00,00,53,00,41,00,50,00,20,00,41,00,47,00,2c,00,20,00,57,00,61,00,6c,\
00,6c,00,64,00,6f,00,72,00,66,00,00,00,00,00,5a,00,19,00,01,00,46,00,69,00,\
6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,\
00,00,00,00,00,53,00,41,00,50,00,20,00,46,00,72,00,6f,00,6e,00,74,00,65,00,\
6e,00,64,00,20,00,66,00,6f,00,72,00,20,00,57,00,69,00,6e,00,64,00,6f,00,77,\
00,73,00,00,00,00,00,3c,00,0e,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,\
72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,34,00,35,00,31,00,30,00,2e,00,33,\
00,2e,00,30,00,2e,00,31,00,30,00,36,00,32,00,00,00,32,00,09,00,01,00,49,00,\
6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,00,46,\
00,45,00,57,00,46,00,52,00,4f,00,4e,00,54,00,00,00,00,00,7a,00,2b,00,01,00,\
4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,\
00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,04,00,00,00,\
00,00,00,00,65,05,00,00,02,00,00,00,03,00,00,00,00,00,01,00,53,00,65,00,72,\
00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,\
23,00,54,02,00,00,00,02,00,00,20,03,34,00,00,00,56,00,53,00,5f,00,56,00,45,\
00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,00,00,00,00,\
bd,04,ef,fe,00,00,01,00,00,00,04,00,f0,03,00,00,00,00,04,00,f0,03,00,00,3f,\
00,00,00,00,00,00,00,04,00,01,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,7e,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,6c,\
00,65,00,49,00,6e,00,66,00,6f,00,00,00,5a,02,00,00,01,00,30,00,34,00,30,00,\
39,00,30,00,34,00,45,00,34,00,00,00,2e,00,07,00,01,00,43,00,6f,00,6d,00,70,\
00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,53,00,41,00,50,00,\
20,00,41,00,47,00,00,00,00,00,5a,00,19,00,01,00,46,00,69,00,6c,00,65,00,44,\
00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,00,00,00,\
53,00,41,00,50,00,20,00,46,00,72,00,6f,00,6e,00,74,00,65,00,6e,00,64,00,20,\
00,66,00,6f,00,72,00,20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,00,00,\
00,00,36,00,0b,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,\
00,6f,00,6e,00,00,00,00,00,34,00,2e,00,30,00,2e,00,30,00,2e,00,31,00,30,00,\
30,00,38,00,00,00,00,00,2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,\
00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,00,46,00,52,00,4f,00,4e,00,54,00,\
00,00,5e,00,1d,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,\
00,72,00,69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,\
67,00,68,00,74,00,20,00,a9,00,20,00,31,00,39,00,39,00,33,00,2d,00,31,00,39,\
00,39,00,37,00,20,00,53,00,41,00,50,00,20,00,41,00,47,00,00,00,00,00,28,00,\
00,00,01,00,4c,00,65,00,67,00,61,00,6c,00,54,00,72,00,61,00,64,00,02,00,00,\
00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,04,00,00,00,00,00,00,00,\
65,05,00,00,02,00,00,00,03,00,00,00,00,00,01,00,53,00,65,00,72,00,76,00,69,\
00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,23,00,54,02,\
00,00,00,02,00,00,18,03,34,00,00,00,56,00,53,00,5f,00,56,00,45,00,52,00,53,\
00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,00,00,00,00,bd,04,ef,fe,\
00,00,01,00,00,00,04,00,dd,03,00,00,00,00,04,00,dd,03,00,00,3f,00,00,00,00,\
00,00,00,04,00,01,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,78,02,\
00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,6c,00,65,00,49,\
00,6e,00,66,00,6f,00,00,00,54,02,00,00,01,00,30,00,34,00,30,00,39,00,30,00,\
34,00,45,00,34,00,00,00,2e,00,07,00,01,00,43,00,6f,00,6d,00,70,00,61,00,6e,\
00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,53,00,41,00,50,00,20,00,41,00,\
47,00,00,00,00,00,5a,00,19,00,01,00,46,00,69,00,6c,00,65,00,44,00,65,00,73,\
00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,00,00,00,53,00,41,00,\
50,00,20,00,46,00,72,00,6f,00,6e,00,74,00,65,00,6e,00,64,00,20,00,66,00,6f,\
00,72,00,20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,00,00,00,00,34,00,\
0a,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,\
00,00,00,00,00,34,00,2e,00,30,00,2e,00,30,00,2e,00,39,00,38,00,39,00,00,00,\
2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,\
00,6d,00,65,00,00,00,46,00,52,00,4f,00,4e,00,54,00,00,00,5e,00,1d,00,01,00,\
4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,\
00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,20,00,\
a9,00,20,00,31,00,39,00,39,00,33,00,2d,00,31,00,39,00,39,00,37,00,20,00,53,\
00,41,00,50,00,20,00,41,00,47,00,00,00,00,00,28,00,00,00,01,00,4c,00,65,00,\
67,00,61,00,6c,00,54,00,72,00,61,00,64,00,65,00,6d,00,02,00,00,00,00,00,00,\
00,01,00,00,00,4c,00,00,00,3c,fd,06,00,04,00,00,00,00,00,00,00,65,05,00,00,\
02,00,00,00,03,00,00,00,00,00,01,00,53,00,65,00,72,00,76,00,69,00,63,00,65,\
00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,23,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe]
"ApplicationGoo"=hex:58,02,00,00,54,02,00,00,00,02,00,00,6c,07,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,05,00,05,00,07,00,a8,07,05,\
00,05,00,07,00,a8,07,3f,00,00,00,00,00,00,00,04,00,04,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,cc,06,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,54,03,00,00,\
01,00,30,00,34,00,30,00,39,00,30,00,34,00,42,00,30,00,00,00,18,00,00,00,01,\
00,43,00,6f,00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4c,00,16,00,01,00,\
43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,\
00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,43,00,6f,00,\
72,00,70,00,6f,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,68,00,20,00,01,\
00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,\
69,00,6f,00,6e,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,\
00,74,00,20,00,45,00,78,00,63,00,68,00,61,00,6e,00,67,00,65,00,20,00,53,00,\
65,00,72,00,76,00,65,00,72,00,20,00,53,00,65,00,74,00,75,00,70,00,00,00,36,\
00,0b,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,\
6e,00,00,00,00,00,35,00,2e,00,35,00,2e,00,31,00,39,00,36,00,30,00,2e,00,37,\
00,00,00,00,00,2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,\
6c,00,4e,00,61,00,6d,00,65,00,00,00,53,00,65,00,74,00,75,00,70,00,00,00,9c,\
00,3c,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,\
69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,\
00,74,00,20,00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,\
05,00,00,00,00,00,00,00,65,05,00,00,02,00,00,00,03,00,00,00,02,00,00,00,53,\
00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,\
34,00,00,00,23,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe]
"ApplicationGoo"=hex:58,02,00,00,54,02,00,00,00,02,00,00,44,02,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,01,00,01,00,0c,00,00,00,01,\
00,01,00,0c,00,00,00,00,00,00,00,00,00,00,00,04,00,00,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,44,00,00,00,00,00,56,00,61,00,72,00,46,00,69,\
00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,00,00,24,00,04,00,00,00,54,00,\
72,00,61,00,6e,00,73,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00,09,\
04,b0,04,a4,01,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,\
6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,80,01,00,00,01,00,30,00,34,00,30,\
00,39,00,30,00,34,00,42,00,30,00,00,00,40,00,20,00,01,00,43,00,6f,00,6d,00,\
70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,44,00,65,00,4c,\
00,6f,00,72,00,6d,00,65,00,20,00,4d,00,61,00,70,00,70,00,69,00,6e,00,67,00,\
00,00,44,00,22,00,01,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,4e,00,61,\
00,6d,00,65,00,00,00,00,00,52,00,65,00,67,00,20,00,28,00,44,00,4c,00,69,00,\
62,00,62,00,79,00,5c,00,6d,00,73,00,66,00,29,00,00,00,00,00,34,00,14,00,01,\
00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,\
00,00,31,00,2e,00,30,00,31,00,2e,00,30,00,30,00,31,00,32,00,00,00,38,00,14,\
00,01,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,56,00,65,00,72,00,73,00,\
69,00,6f,00,6e,00,00,00,31,00,2e,00,30,00,31,00,2e,00,30,00,30,00,31,00,32,\
00,00,00,34,00,12,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,\
4e,00,61,00,6d,00,65,00,00,00,4d,00,4e,00,47,00,52,00,45,00,47,00,33,00,32,\
00,00,00,00,00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,\
04,00,00,00,00,00,00,00,65,05,00,00,02,00,00,00,03,00,00,00,00,00,01,00,53,\
00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,\
33,00,00,00,23,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE]
"GlobalFlag"="0x00200000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE]
"GlobalFlag"="0x00200000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE]
"DisableHeapLookAside"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE]
"DisableHeapLookAside"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,b4,02,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,35,00,07,00,00,00,00,00,35,\
00,07,00,00,00,00,00,3f,00,00,00,00,00,00,00,04,00,00,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,12,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,ee,01,00,00,\
01,00,30,00,34,00,30,00,39,00,30,00,34,00,62,00,30,00,00,00,42,00,11,00,01,\
00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,\
00,00,50,00,65,00,6f,00,70,00,6c,00,65,00,53,00,6f,00,66,00,74,00,2c,00,20,\
00,49,00,6e,00,63,00,2e,00,00,00,00,00,28,00,00,00,01,00,46,00,69,00,6c,00,\
65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,\
00,00,00,2a,00,05,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,\
69,00,6f,00,6e,00,00,00,00,00,37,00,2e,00,35,00,33,00,00,00,00,00,9c,00,3c,\
00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,\
67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,\
00,20,00,a9,00,20,00,31,00,39,00,38,00,38,00,2d,00,31,00,39,00,39,00,38,00,\
20,00,50,00,65,00,6f,00,70,00,6c,00,65,00,53,00,6f,00,66,00,74,00,2c,00,20,\
00,49,00,6e,00,63,00,2e,00,20,00,20,00,41,00,6c,00,6c,00,20,00,52,00,69,00,\
67,00,68,00,74,00,73,00,20,00,52,00,65,00,73,00,65,00,72,00,76,00,65,00,64,\
00,00,00,3c,00,0a,00,01,00,4f,00,72,00,69,00,67,00,69,00,6e,00,61,00,6c,00,\
46,00,69,00,6c,00,65,00,6e,00,61,00,6d,00,65,00,00,00,70,00,73,00,64,00,6d,\
00,74,00,2e,00,10,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE]
"DisableHeapLookAside"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE]
"DisableHeapLookAside"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe]
"ApplicationGoo"=hex:00,07,00,00,54,02,00,00,00,02,00,00,84,07,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,05,00,05,00,07,00,a8,07,05,\
00,05,00,07,00,a8,07,3f,00,00,00,00,00,00,00,04,00,04,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,e4,06,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,60,03,00,00,\
01,00,30,00,34,00,30,00,39,00,30,00,34,00,42,00,30,00,00,00,18,00,00,00,01,\
00,43,00,6f,00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4c,00,16,00,01,00,\
43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,\
00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,43,00,6f,00,\
72,00,70,00,6f,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,68,00,20,00,01,\
00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,\
69,00,6f,00,6e,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,\
00,74,00,20,00,45,00,78,00,63,00,68,00,61,00,6e,00,67,00,65,00,20,00,53,00,\
65,00,72,00,76,00,65,00,72,00,20,00,53,00,65,00,74,00,75,00,70,00,00,00,36,\
00,0b,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,\
6e,00,00,00,00,00,35,00,2e,00,35,00,2e,00,31,00,39,00,36,00,30,00,2e,00,37,\
00,00,00,00,00,2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,\
6c,00,4e,00,61,00,6d,00,65,00,00,00,53,00,65,00,74,00,75,00,70,00,00,00,9e,\
00,3d,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,\
69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,\
00,74,00,20,00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,\
05,00,00,00,00,00,00,00,65,05,00,00,02,00,00,00,00,00,00,00,00,00,00,00,53,\
00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,\
33,00,00,00,24,00,54,02,00,00,00,02,00,00,a4,08,34,00,00,00,56,00,53,00,5f,\
00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,\
00,00,00,00,bd,04,ef,fe,00,00,01,00,05,00,05,00,07,00,a8,07,05,00,05,00,07,\
00,a8,07,3f,00,00,00,00,00,00,00,04,00,04,00,01,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,04,08,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,\
00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,f0,03,00,00,01,00,30,00,\
34,00,30,00,39,00,30,00,34,00,42,00,30,00,00,00,18,00,00,00,01,00,43,00,6f,\
00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4c,00,16,00,01,00,43,00,6f,00,\
6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,4d,00,69,\
00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,43,00,6f,00,72,00,70,00,\
6f,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,68,00,20,00,01,00,46,00,69,\
00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,\
6e,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,\
00,45,00,78,00,63,00,68,00,61,00,6e,00,67,00,65,00,20,00,53,00,65,00,72,00,\
76,00,65,00,72,00,20,00,53,00,65,00,74,00,75,00,70,00,00,00,36,00,0b,00,01,\
00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,\
00,00,35,00,2e,00,35,00,2e,00,31,00,39,00,36,00,30,00,2e,00,37,00,00,00,00,\
00,2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,\
61,00,6d,00,65,00,00,00,53,00,65,00,74,00,75,00,70,00,00,00,a6,00,41,00,01,\
00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,\
68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,20,\
00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,05,00,00,00,\
00,00,00,00,65,05,00,00,02,00,00,00,00,00,00,00,00,00,00,00,53,00,65,00,72,\
00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,\
24,00,54,02,00,00,00,02,00,00,18,04,34,00,00,00,56,00,53,00,5f,00,56,00,45,\
00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,00,00,00,00,\
bd,04,ef,fe,00,00,01,00,05,00,05,00,07,00,a8,07,05,00,05,00,07,00,a8,07,3f,\
00,00,00,00,00,00,00,04,00,04,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,78,03,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,6c,\
00,65,00,49,00,6e,00,66,00,6f,00,00,00,54,03,00,00,01,00,30,00,34,00,30,00,\
39,00,30,00,34,00,42,00,30,00,00,00,18,00,00,00,01,00,43,00,6f,00,6d,00,6d,\
00,65,00,6e,00,74,00,73,00,00,00,4c,00,16,00,01,00,43,00,6f,00,6d,00,70,00,\
61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,4d,00,69,00,63,00,72,\
00,6f,00,73,00,6f,00,66,00,74,00,20,00,43,00,6f,00,72,00,70,00,6f,00,72,00,\
61,00,74,00,69,00,6f,00,6e,00,00,00,68,00,20,00,01,00,46,00,69,00,6c,00,65,\
00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,00,\
00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,45,00,78,\
00,63,00,68,00,61,00,6e,00,67,00,65,00,20,00,53,00,65,00,72,00,76,00,65,00,\
72,00,20,00,53,00,65,00,74,00,75,00,70,00,00,00,36,00,0b,00,01,00,46,00,69,\
00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,35,00,\
2e,00,35,00,2e,00,31,00,39,00,36,00,30,00,2e,00,37,00,00,00,00,00,2c,00,06,\
00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,\
65,00,00,00,53,00,65,00,74,00,75,00,70,00,00,00,9a,00,3b,00,01,00,4c,00,65,\
00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,\
00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,20,00,02,00,00,\
00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,05,00,00,00,00,00,00,00,\
65,05,00,00,02,00,00,00,00,00,00,00,00,00,00,00,53,00,65,00,72,00,76,00,69,\
00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,24,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,04,03,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,1c,00,08,00,00,00,00,00,00,\
00,08,00,00,00,00,00,3f,00,00,00,00,00,00,00,04,00,00,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,64,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,40,02,00,00,\
01,00,30,00,34,00,30,00,39,00,30,00,34,00,62,00,30,00,00,00,44,00,12,00,01,\
00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,\
00,00,43,00,6f,00,72,00,65,00,6c,00,20,00,43,00,6f,00,72,00,70,00,6f,00,72,\
00,61,00,74,00,69,00,6f,00,6e,00,00,00,4e,00,13,00,01,00,46,00,69,00,6c,00,\
65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,\
00,00,00,43,00,6f,00,72,00,65,00,6c,00,20,00,53,00,65,00,74,00,75,00,70,00,\
20,00,57,00,69,00,7a,00,61,00,72,00,64,00,00,00,00,00,2c,00,06,00,01,00,46,\
00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,\
38,00,2e,00,30,00,32,00,38,00,00,00,46,00,13,00,01,00,49,00,6e,00,74,00,65,\
00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,00,43,00,6f,00,72,00,\
65,00,6c,00,20,00,53,00,65,00,74,00,75,00,70,00,20,00,57,00,69,00,7a,00,61,\
00,72,00,64,00,00,00,00,00,6c,00,24,00,01,00,4c,00,65,00,67,00,61,00,6c,00,\
43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,\
00,79,00,72,00,69,00,67,00,68,00,74,00,20,00,a9,00,20,00,31,00,39,00,39,00,\
37,00,2c,00,20,00,43,00,6f,00,72,00,65,00,6c,00,20,00,43,00,6f,00,72,00,70,\
00,6f,00,72,00,08,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,38,03,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,02,00,0a,00,01,00,0a,00,02,\
00,0a,00,01,00,0a,00,00,00,00,00,00,00,00,00,04,00,01,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,98,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,74,02,00,00,\
01,00,30,00,34,00,30,00,39,00,30,00,34,00,45,00,34,00,00,00,4a,00,15,00,01,\
00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,\
00,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,20,00,43,00,6f,00,72,\
00,70,00,6f,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00,60,00,1c,00,\
01,00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,\
00,69,00,6f,00,6e,00,00,00,00,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,\
63,00,20,00,53,00,79,00,6d,00,65,00,76,00,65,00,6e,00,74,00,20,00,49,00,6e,\
00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,00,00,34,00,0a,00,01,00,46,00,\
69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,31,\
00,30,00,2e,00,32,00,2e,00,31,00,30,00,2e,00,31,00,00,00,30,00,08,00,01,00,\
49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,\
00,53,00,45,00,56,00,49,00,4e,00,53,00,54,00,00,00,7e,00,2d,00,01,00,4c,00,\
65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,\
00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,20,00,28,00,\
43,00,29,00,20,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,20,00,43,\
00,6f,00,72,00,01,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE]
"DisableHeapLookAside"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE]
"DisableHeapLookAside"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll]
"CheckAppHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,7c,03,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,00,00,01,00,09,00,26,00,00,\
00,01,00,09,00,26,00,3f,00,00,00,00,00,00,00,04,00,00,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,dc,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,b8,02,00,00,\
01,00,30,00,34,00,30,00,39,00,30,00,34,00,62,00,30,00,00,00,66,00,27,00,01,\
00,43,00,6f,00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,42,00,75,00,73,00,\
69,00,6e,00,65,00,73,00,73,00,20,00,49,00,6e,00,74,00,65,00,6c,00,6c,00,69,\
00,67,00,65,00,6e,00,63,00,65,00,20,00,6f,00,6e,00,20,00,45,00,76,00,65,00,\
72,00,79,00,20,00,44,00,65,00,73,00,6b,00,74,00,6f,00,70,00,00,00,00,00,48,\
00,14,00,01,00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,\
65,00,00,00,00,00,43,00,6f,00,67,00,6e,00,6f,00,73,00,20,00,49,00,6e,00,63,\
00,6f,00,72,00,70,00,6f,00,72,00,61,00,74,00,65,00,64,00,00,00,60,00,1c,00,\
01,00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,\
00,69,00,6f,00,6e,00,00,00,00,00,43,00,6f,00,67,00,6e,00,6f,00,73,00,20,00,\
47,00,65,00,6e,00,65,00,72,00,69,00,63,00,20,00,49,00,6e,00,73,00,74,00,61,\
00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,38,00,0c,00,01,00,46,00,\
69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,31,\
00,2c,00,20,00,30,00,2c,00,20,00,33,00,38,00,2c,00,20,00,39,00,00,00,30,00,\
08,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,\
00,65,00,00,00,01,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path]
"GlobalFlag"="0x000010F0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,a4,02,34,00,00,00,56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,00,00,01,00,01,00,00,00,00,\
00,01,00,01,00,00,00,3f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,04,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,e0,01,00,00,\
01,00,30,00,34,00,30,00,39,00,30,00,34,00,45,00,34,00,00,00,20,00,00,00,01,\
00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,\
00,00,58,00,18,00,01,00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,\
00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,00,00,00,49,00,4e,00,53,00,54,00,\
41,00,4c,00,4c,00,20,00,4d,00,46,00,43,00,20,00,41,00,70,00,70,00,6c,00,69,\
00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,30,00,08,00,01,00,46,00,69,00,\
6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,31,00,2e,\
00,30,00,2e,00,30,00,30,00,31,00,00,00,30,00,08,00,01,00,49,00,6e,00,74,00,\
65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,00,49,00,4e,00,53,\
00,54,00,41,00,4c,00,4c,00,00,00,24,00,00,00,01,00,4c,00,65,00,67,00,61,00,\
6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,00,00,28,00,00,\
00,01,00,4c,00,65,00,67,00,61,00,6c,00,54,00,72,00,61,00,64,00,65,00,6d,00,\
61,00,72,00,6b,00,73,00,00,00,00,00,40,00,0c,00,01,00,4f,00,72,00,69,00,67,\
00,69,00,6e,00,61,00,6c,00,46,00,69,00,6c,00,65,00,6e,00,61,00,6d,00,65,00,\
00,00,49,00,4e,00,53,00,54,00,41,00,4c,00,4c,00,2e,00,45,00,58,00,45,00,00,\
00,30,00,08,00,08,00,00,00,00,00,00,00
As to whter I have a Windows XP install disk, the answer is that my Compaq computer with the problems came with recovery software installed but not a Windows XP disk, so I have the recovery software (and a back-up to that on DVD). I also have a copy of Windows XP Professional installation disk which I have installed on a different comptuer but at least I do have that disk if necessary!