:C

1. Attempted file edits/reads
2.  
3. C:\WINDOWS\_default.pif
4. C:\DosDevices\A:
5. C:\DosDevices\B:
6. C:\MSDOS.SYS
7. C:\IO.SYS
8. C:\WINDOWS\system32\ntio.sys
9. C:\WINDOWS\system32\ntdos.sys
10. C:\
11. C:\WINDOWS\SYSTEM32\CONFIG.NT
12. C:\WINDOWS\TEMP\scs1.tmp
13. C:\WINDOWS\TEMP\SCS1.TMP
14. C:\WINDOWS\SYSTEM32\HIMEM.SYS
15. C:\WINDOWS\SYSTEM32\COUNTRY.SYS
16. C:\DosDevices\C:
17. C:\WINDOWS\SYSTEM32\COMMAND.COM
18. C:\WINDOWS\SYSTEM32
19. C:\WINDOWS\SYSTEM32\AUTOEXEC.NT
20. C:\WINDOWS\TEMP\scs2.tmp
21. C:\WINDOWS\TEMP\SCS2.TMP
22. C:\Documents and Settings
23. C:\Documents and Settings\All Users
24. C:\Documents and Settings\User\Application Data
25. C:\Program Files
26. C:\Program Files\Common Files
27. MSCDEXNT.EXE
28. C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
29. REDIR">>>
30. C:\WINDOWS\SYSTEM32\REDIR.EXE
31. DOSX">>>
32. C:\WINDOWS\SYSTEM32\DOSX.EXE
33. C:\WINDOWS\SYSTEM.INI
34. C:\DOCUME~1\User\LOCALS~1\Temp
35. C:\DOCUME~1\USER\LOCALS~1\TEMP\RAIDCA~1.EXE
36. A:
37. B:
38. E:
39. F:
40. G:
41. H:
42. I:
43. J:
44. K:
45. L:
46. M:
47. N:
48. O:
49. P:
50. Q:
51. R:
52. S:
53. T:
54. U:
55. V:
56. W:
57. X:
58. Y:
59. Z:
60.  
61. REG Keys modified;
62.  
63. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Wow\CpuEnv
64. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WOW\Console
65. HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System
66. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
67. HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\SYSTEM
68. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers
69. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup
70. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server
71. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment