
[b]SDFix: Version 1.240 [/b]
Run by  on 15.11.2008 at 22:53

Microsoft Windows XP [ 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]: 

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:
 


[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 22:56:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"\34\48\4=\48\4?\4>\4@\4B\4 ??\4;\0040\4=\48\4@\4>\0042\4I\48\4:\0040\4 ??\0040\4:\0045\4B\4>\0042\4"=str(7):"1\0002\0003\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?L?2?T?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?T?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?P?o?E?)?"=str(7):"1\0"
"\37\4@\4O\4<\4>\49\4 ??\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 ??\4>\4@\4B\4"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?I?P?)?"=str(7):"1\0"
"#\4A\4B\4@\4>\49\4A\4B\0042\4>\4 ?B?l?u?e?t?o?o?t?h? ?(??\4@\4>\4B\4>\4:\4>\4;\4 ?R?F?C?O?M?M? ?T?D?I?)?"=str(7):"1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager]
"PendingFileRenameOperations"=str(7): [raw value dump removed]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001fe2f0f05d]
"001c35ed7b73"=hex:49,54,7c,46,08,9d,12,d4,a7,4d,30,ef,a6,a2,ba,2d
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:55,0d,59,b2,d2,ec,f3,81,31,90,d9,32,7c,77,29,c2,10,b5,66,18,22,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7f,55,cf,be,85,2e,db,38,5b,b8,b3,da,41,2a,68,c9,e1,..
"khjeh"=hex:e5,f0,3b,cd,76,d1,5a,73,c9,99,63,bc,f9,71,7e,24,58,ce,a3,8f,95,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:35,e8,cc,18,16,4a,0a,f5,46,8e,88,77,8d,ad,cc,75,36,3f,4e,98,53,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:77,43,0a,96,9c,af,e5,d0,71,73,50,ca,97,f9,8f,38,23,5c,2a,83,2f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:9e,c3,dd,32,1c,50,40,36,da,06,8f,6d,c2,0d,9e,75,36,be,24,4f,d0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:dc,06,a4,34,eb,52,9a,69,f3,1b,6d,10,5a,85,1d,d0,bd,87,bf,a1,7b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"\34\48\4=\48\4?\4>\4@\4B\4 ??\4;\0040\4=\48\4@\4>\0042\4I\48\4:\0040\4 ??\0040\4:\0045\4B\4>\0042\4"=str(7):"1\0002\0003\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?L?2?T?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?T?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?P?o?E?)?"=str(7):"1\0"
"\37\4@\4O\4<\4>\49\4 ??\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 ??\4>\4@\4B\4"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?I?P?)?"=str(7):"1\0"
"#\4A\4B\4@\4>\49\4A\4B\0042\4>\4 ?B?l?u?e?t?o?o?t?h? ?(??\4@\4>\4B\4>\4:\4>\4;\4 ?R?F?C?O?M?M? ?T?D?I?)?"=str(7):"1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe2f0f05d]
"001c35ed7b73"=hex:49,54,7c,46,08,9d,12,d4,a7,4d,30,ef,a6,a2,ba,2d
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:55,0d,59,b2,d2,ec,f3,81,31,90,d9,32,7c,77,29,c2,10,b5,66,18,22,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7f,55,cf,be,85,2e,db,38,5b,b8,b3,da,41,2a,68,c9,e1,..
"khjeh"=hex:e5,f0,3b,cd,76,d1,5a,73,c9,99,63,bc,f9,71,7e,24,58,ce,a3,8f,95,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d7,4e,f7,0b,da,a7,9e,7d,33,60,14,a2,88,c5,89,a3,df,b1,69,47,eb,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:77,43,0a,96,9c,af,e5,d0,71,73,50,ca,97,f9,8f,38,23,5c,2a,83,2f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:9e,c3,dd,32,1c,50,40,36,da,06,8f,6d,c2,0d,9e,75,36,be,24,4f,d0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:dc,06,a4,34,eb,52,9a,69,f3,1b,6d,10,5a,85,1d,d0,bd,87,bf,a1,7b,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"\34\48\4=\48\4?\4>\4@\4B\4 ??\4;\0040\4=\48\4@\4>\0042\4I\48\4:\0040\4 ??\0040\4:\0045\4B\4>\0042\4"=str(7):"1\0002\0003\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?L?2?T?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?T?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?P?o?E?)?"=str(7):"1\0"
"\37\4@\4O\4<\4>\49\4 ??\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 ??\4>\4@\4B\4"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?I?P?)?"=str(7):"1\0"
"#\4A\4B\4@\4>\49\4A\4B\0042\4>\4 ?B?l?u?e?t?o?o?t?h? ?(??\4@\4>\4B\4>\4:\4>\4;\4 ?R?F?C?O?M?M? ?T?D?I?)?"=str(7):"1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2f0f05d]
"001c35ed7b73"=hex:49,54,7c,46,08,9d,12,d4,a7,4d,30,ef,a6,a2,ba,2d
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:55,0d,59,b2,d2,ec,f3,81,31,90,d9,32,7c,77,29,c2,10,b5,66,18,22,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7f,55,cf,be,85,2e,db,38,5b,b8,b3,da,41,2a,68,c9,e1,..
"khjeh"=hex:e5,f0,3b,cd,76,d1,5a,73,c9,99,63,bc,f9,71,7e,24,58,ce,a3,8f,95,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d7,4e,f7,0b,da,a7,9e,7d,33,60,14,a2,88,c5,89,a3,df,b1,69,47,eb,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:77,43,0a,96,9c,af,e5,d0,71,73,50,ca,97,f9,8f,38,23,5c,2a,83,2f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:9e,c3,dd,32,1c,50,40,36,da,06,8f,6d,c2,0d,9e,75,36,be,24,4f,d0,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:dc,06,a4,34,eb,52,9a,69,f3,1b,6d,10,5a,85,1d,d0,bd,87,bf,a1,7b,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"!\4B\0040\4=\0044\0040\4@\4B\4=\0040\4O\4 ?W?i?n?d?o?w?s?"="",,,,,,,,,,,,,""
"\37\4>\0044\0042\48\0046\4=\0040\4O\4 ?W?i?n?d?o?w?s?"=""C:\WINDOWS\Cursors\rainbow.ani,,C:\WINDOWS\Cursors\appstart.ani,C:\WINDOWS\Cursors\hourglas.ani,C:\WINDOWS\Cursors\cross.cur,,,,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,,""
"\36\0041\4J\0045\4<\4=\0040\4O\4 ?1\0045\4;\0040\4O\4"=""C:\WINDOWS\Cursors\3dwarro.cur,,C:\WINDOWS\Cursors\appstar3.ani,C:\WINDOWS\Cursors\hourgla3.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dwno.cur,C:\WINDOWS\Cursors\3dwns.cur,C:\WINDOWS\Cursors\3dwwe.cur,C:\WINDOWS\Cursors\3dwnwse.cur,C:\WINDOWS\Cursors\3dwnesw.cur,C:\WINDOWS\Cursors\3dwmove.cur,""
" \4C\4:\48\4 ?1?"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\hand.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\hnodrop.cur,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,""
" \4C\4:\48\4 ?2?"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\handwait.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\handno.ani,C:\WINDOWS\Cursors\handns.ani,C:\WINDOWS\Cursors\handwe.ani,C:\WINDOWS\Cursors\handnwse.ani,C:\WINDOWS\Cursors\handnesw.ani,C:\WINDOWS\Cursors\hmove.cur,""
"\24\48\4=\4>\0047\0040\0042\4@\4"=""C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\dinosaur.ani,C:\WINDOWS\Cursors\dinosau2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\banana.ani,C:\WINDOWS\Cursors\3dsns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dsnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dsmove.cur,""
"\22\4 ?A\4B\0040\4@\4>\4<\4 ?A\4B\48\4;\0045\4"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\horse.ani,C:\WINDOWS\Cursors\barber.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\coin.ani,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,""
"\24\48\4@\48\0046\0045\4@\4"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\drum.ani,C:\WINDOWS\Cursors\metronom.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\piano.ani,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,""
"#\0042\0045\4;\48\4G\0045\4=\4=\0040\4O\4"=""C:\WINDOWS\Cursors\larrow.cur,,C:\WINDOWS\Cursors\lappstrt.cur,C:\WINDOWS\Cursors\lwait.cur,C:\WINDOWS\Cursors\lcross.cur,C:\WINDOWS\Cursors\libeam.cur,,C:\WINDOWS\Cursors\lnodrop.cur,C:\WINDOWS\Cursors\lns.cur,C:\WINDOWS\Cursors\lwe.cur,C:\WINDOWS\Cursors\lnwse.cur,C:\WINDOWS\Cursors\lnesw.cur,C:\WINDOWS\Cursors\lmove.cur,""
"\22\0040\4@\48\0040\4F\48\48\4"=""C:\WINDOWS\Cursors\fillitup.ani,,C:\WINDOWS\Cursors\raindrop.ani,C:\WINDOWS\Cursors\counter.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\wagtail.ani,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,""
"\36\0041\4J\0045\4<\4=\0040\4O\4 ?1\4@\4>\4=\0047\4>\0042\0040\4O\4"=""C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\appstar2.ani,C:\WINDOWS\Cursors\hourgla2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dgno.cur,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,""
"'\0045\4@\4=\0040\4O\4 ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"'\0045\4@\4=\0040\4O\4 ?(?:\4@\4C\4?\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"'\0045\4@\4=\0040\4O\4 ?(?>\0043\4@\4>\4<\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
"\30\4=\0042\0045\4@\4A\4=\0040\4O\4"="C:\WINDOWS\cursors\arrow_i.cur,C:\WINDOWS\cursors\help_i.cur,C:\WINDOWS\cursors\wait_i.cur,C:\WINDOWS\cursors\busy_i.cur,C:\WINDOWS\cursors\cross_i.cur,C:\WINDOWS\cursors\beam_i.cur,C:\WINDOWS\cursors\pen_i.cur,C:\WINDOWS\cursors\no_i.cur,C:\WINDOWS\cursors\size4_i.cur,C:\WINDOWS\cursors\size3_i.cur,C:\WINDOWS\cursors\size2_i.cur,C:\WINDOWS\cursors\size1_i.cur,C:\WINDOWS\cursors\move_i.cur,C:\WINDOWS\cursors\up_i.cur"
"\30\4=\0042\0045\4@\4A\4=\0040\4O\4 ?(?:\4@\4C\4?\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_im.cur,C:\WINDOWS\cursors\help_im.cur,C:\WINDOWS\cursors\wait_im.cur,C:\WINDOWS\cursors\busy_im.cur,C:\WINDOWS\cursors\cross_im.cur,C:\WINDOWS\cursors\beam_im.cur,C:\WINDOWS\cursors\pen_im.cur,C:\WINDOWS\cursors\no_im.cur,C:\WINDOWS\cursors\size4_im.cur,C:\WINDOWS\cursors\size3_im.cur,C:\WINDOWS\cursors\size2_im.cur,C:\WINDOWS\cursors\size1_im.cur,C:\WINDOWS\cursors\move_im.cur,C:\WINDOWS\cursors\up_im.cur"
"\30\4=\0042\0045\4@\4A\4=\0040\4O\4 ?(?>\0043\4@\4>\4<\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_il.cur,C:\WINDOWS\cursors\help_il.cur,C:\WINDOWS\cursors\wait_il.cur,C:\WINDOWS\cursors\busy_il.cur,C:\WINDOWS\cursors\cross_il.cur,C:\WINDOWS\cursors\beam_il.cur,C:\WINDOWS\cursors\pen_il.cur,C:\WINDOWS\cursors\no_il.cur,C:\WINDOWS\cursors\size4_il.cur,C:\WINDOWS\cursors\size3_il.cur,C:\WINDOWS\cursors\size2_il.cur,C:\WINDOWS\cursors\size1_il.cur,C:\WINDOWS\cursors\move_il.cur,C:\WINDOWS\cursors\up_il.cur"
"!\4B\0040\4=\0044\0040\4@\4B\4=\0040\4O\4 ?(?:\4@\4C\4?\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_m.cur,C:\WINDOWS\cursors\help_m.cur,C:\WINDOWS\cursors\wait_m.cur,C:\WINDOWS\cursors\busy_m.cur,C:\WINDOWS\cursors\cross_m.cur,C:\WINDOWS\cursors\beam_m.cur,C:\WINDOWS\cursors\pen_m.cur,C:\WINDOWS\cursors\no_m.cur,C:\WINDOWS\cursors\size4_m.cur,C:\WINDOWS\cursors\size3_m.cur,C:\WINDOWS\cursors\size2_m.cur,C:\WINDOWS\cursors\size1_m.cur,C:\WINDOWS\cursors\move_m.cur,C:\WINDOWS\cursors\up_m.cur"
"!\4B\0040\4=\0044\0040\4@\4B\4=\0040\4O\4 ?(?>\0043\4@\4>\4<\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_l.cur,C:\WINDOWS\cursors\help_l.cur,C:\WINDOWS\cursors\wait_l.cur,C:\WINDOWS\cursors\busy_l.cur,C:\WINDOWS\cursors\cross_l.cur,C:\WINDOWS\cursors\beam_l.cur,C:\WINDOWS\cursors\pen_l.cur,C:\WINDOWS\cursors\no_l.cur,C:\WINDOWS\cursors\size4_l.cur,C:\WINDOWS\cursors\size3_l.cur,C:\WINDOWS\cursors\size2_l.cur,C:\WINDOWS\cursors\size1_l.cur,C:\WINDOWS\cursors\move_l.cur,C:\WINDOWS\cursors\up_l.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DocFolderPaths]
"\20\0044\4<\48\4=\48\4A\4B\4@\0040\4B\4>\4@\4"="C:\Documents and Settings\4<8=8AB@0B>@\>8 4>:C<5=BK"
"\34\4K\4"="C:\Documents and Settings\K\>8 4>:C<5=BK"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
"\23\4>\4A\4B\4L\4"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\GrpConv\MapGroups]
"\30\0043\4@\4K\4"="!B0=40@B=K5\3@K"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:Torrent"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\\Games\\MassEfct\\Binaries\\MassEffect.exe"="D:\\Games\\MassEfct\\Binaries\\MassEffect.exe:*:Enabled:Mass Effect"
"D:\\Games\\FlatOut Ultimate Carnage\\Fouc.exe"="D:\\Games\\FlatOut Ultimate Carnage\\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Sat 15 Nov 2008         4,934 ...HR --- "C:\Documents and Settings\\Application Data\SecuROM\UserData\securom_v7_01.bak"

[b]Finished![/b]

