FÜR NUTZER

Schließen

Meine Bibliothek
Meine Bibliothek

+ Zur Bibliothek hinzufügen

Suche
Suche

Support
Support 24/7 | Regeln zur Anfragenübermittlung

Schreiben Sie uns

Online-Formular

Telefon

+49 (0) 170 488 40 28

Forum

Ihre Anfragen

Neue Anfrage

Rufen Sie uns an

+7 (495) 789-45-86

Profil

DE

RU CN DE EN ES FR IT JP KZ UZ PL BY
Schließen
Services
Scanner
Dr.Web vxCube
Testversion
Analyse von virenabhängigen Vorfällen
Virenbibliothek
Wissensdatenbank

Technologies

Begriffe

Schulung und Training

Mythen

News

Trojan.KillFiles.60251

Added to the Dr.Web virus database: 2016-11-15

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Okl' = '<Full path to file>'
Malicious functions:
Executes the following:
  • '<SYSTEM32>\cmd.exe' /C del E:\*.inf/q /s
  • '<SYSTEM32>\cmd.exe' /C del E:\*.lnk/q /s
  • '<SYSTEM32>\cmd.exe' /C del E:\*.com/q /s
  • '<SYSTEM32>\cmd.exe' /C del E:\*.ini/q /s
  • '<SYSTEM32>\cmd.exe' /C del D:\*.bat/q /s
  • '<SYSTEM32>\cmd.exe' /C del D:\*.com/q /s
  • '<SYSTEM32>\cmd.exe' /C del E:\*.exe/q /s
  • '<SYSTEM32>\cmd.exe' /C del D:\*.sys/q /s
  • '<SYSTEM32>\cmd.exe' /C del E:\*.bat/q /s
  • '<SYSTEM32>\cmd.exe' /C del Z:\*.com/q /s
  • '<SYSTEM32>\cmd.exe' /C del Z:\*.ini/q /s
  • '<SYSTEM32>\cmd.exe' /C del Z:\*.sys/q /s
  • '<SYSTEM32>\cmd.exe' /C del Z:\*.bat/q /s
  • '<SYSTEM32>\cmd.exe' /C del Z:\*.exe/q /s
  • '<SYSTEM32>\cmd.exe' /C del E:\*.sys/q /s
  • '<SYSTEM32>\cmd.exe' /C del Z:\*.inf/q /s
  • '<SYSTEM32>\cmd.exe' /C del Z:\*.lnk/q /s
  • '<SYSTEM32>\cmd.exe' /C del D:\*.ini/q /s
  • '<SYSTEM32>\cmd.exe' /C del A:\*.bat/q /s
  • '<SYSTEM32>\cmd.exe' /C del A:\*.com/q /s
  • '<SYSTEM32>\cmd.exe' /C del C:\*.exe/q /s
  • '<SYSTEM32>\cmd.exe' /C del A:\*.sys/q /s
  • '<SYSTEM32>\cmd.exe' /C del A:\*.lnk/q /s
  • '<SYSTEM32>\cmd.exe' /C del A:\*.exe/q /s
  • '<SYSTEM32>\cmd.exe' /C del A:\*.ini/q /s
  • '<SYSTEM32>\cmd.exe' /C del A:\*.inf/q /s
  • '<SYSTEM32>\cmd.exe' /C del C:\*.lnk/q /s
  • '<SYSTEM32>\cmd.exe' /C del D:\*.exe/q /s
  • '<SYSTEM32>\cmd.exe' /C del C:\*.sys/q /s
  • '<SYSTEM32>\cmd.exe' /C del D:\*.inf/q /s
  • '<SYSTEM32>\cmd.exe' /C del D:\*.lnk/q /s
  • '<SYSTEM32>\cmd.exe' /C del C:\*.ini/q /s
  • '<SYSTEM32>\cmd.exe' /C del C:\*.inf/q /s
  • '<SYSTEM32>\cmd.exe' /C del C:\*.bat/q /s
  • '<SYSTEM32>\cmd.exe' /C del C:\*.com/q /s
Modifies file system:
Creates the following files:
  • <SYSTEM32>\dllcache\agentsvr.exe.new
  • <SYSTEM32>\finger.exe.new
  • <SYSTEM32>\find.exe.new
  • <SYSTEM32>\findstr.exe.new
  • <SYSTEM32>\fltmc.exe.new
  • <SYSTEM32>\fontview.exe.new
  • <SYSTEM32>\fixmapi.exe.new
  • <SYSTEM32>\dllcache\muisetup.exe.new
  • <SYSTEM32>\eventvwr.exe.new
  • <SYSTEM32>\exe2bin.exe.new
  • <SYSTEM32>\esentutl.exe.new
  • <SYSTEM32>\eudcedit.exe.new
  • <SYSTEM32>\fastopen.exe.new
  • <SYSTEM32>\fc.exe.new
  • <SYSTEM32>\expand.exe.new
  • <SYSTEM32>\extrac32.exe.new
  • <SYSTEM32>\dllcache\hscupd.exe.new
  • <SYSTEM32>\gpupdate.exe.new
  • <SYSTEM32>\dllcache\helpsvc.exe.new
  • <SYSTEM32>\gpresult.exe.new
  • <SYSTEM32>\hostname.exe.new
  • <SYSTEM32>\dllcache\msconfig.exe.new
  • <SYSTEM32>\grpconv.exe.new
  • <SYSTEM32>\help.exe.new
  • <SYSTEM32>\freecell.exe.new
  • <SYSTEM32>\dllcache\helphost.exe.new
  • <SYSTEM32>\forcedos.exe.new
  • <SYSTEM32>\dllcache\helpctr.exe.new
  • <SYSTEM32>\gdi.exe.new
  • <SYSTEM32>\getmac.exe.new
  • <SYSTEM32>\fsutil.exe.new
  • <SYSTEM32>\ftp.exe.new
  • <SYSTEM32>\defrag.exe.new
  • <SYSTEM32>\dfrgfat.exe.new
  • <SYSTEM32>\ddeshare.exe.new
  • <SYSTEM32>\debug.exe.new
  • <SYSTEM32>\diskpart.exe.new
  • <SYSTEM32>\diskperf.exe.new
  • <SYSTEM32>\dfrgntfs.exe.new
  • <SYSTEM32>\diantz.exe.new
  • <SYSTEM32>\comp.exe.new
  • <SYSTEM32>\compact.exe.new
  • <SYSTEM32>\cmmon32.exe.new
  • <SYSTEM32>\cmstp.exe.new
  • <SYSTEM32>\convert.exe.new
  • <SYSTEM32>\dcomcnfg.exe.new
  • <SYSTEM32>\conime.exe.new
  • <SYSTEM32>\control.exe.new
  • <SYSTEM32>\drwtsn32.exe.new
  • <SYSTEM32>\dumprep.exe.new
  • <SYSTEM32>\dpvsetup.exe.new
  • <SYSTEM32>\drwatson.exe.new
  • <SYSTEM32>\dxdiag.exe.new
  • <SYSTEM32>\edlin.exe.new
  • <SYSTEM32>\dvdupgrd.exe.new
  • <SYSTEM32>\dwwin.exe.new
  • <SYSTEM32>\dmadmin.exe.new
  • <SYSTEM32>\dmremote.exe.new
  • <SYSTEM32>\dllhost.exe.new
  • <SYSTEM32>\dllhst3g.exe.new
  • <SYSTEM32>\dplaysvr.exe.new
  • <SYSTEM32>\dpnsvr.exe.new
  • <SYSTEM32>\doskey.exe.new
  • <SYSTEM32>\dosx.exe.new
  • <SYSTEM32>\dllcache\notiflag.exe.new
  • <SYSTEM32>\mshearts.exe.new
  • <SYSTEM32>\mshta.exe.new
  • <SYSTEM32>\msdtc.exe.new
  • <SYSTEM32>\msg.exe.new
  • <SYSTEM32>\mspaint.exe.new
  • <SYSTEM32>\dllcache\asr_pfu.exe.new
  • <SYSTEM32>\dllcache\asr_ldm.exe.new
  • <SYSTEM32>\msiexec.exe.new
  • <SYSTEM32>\dllcache\arp.exe.new
  • <SYSTEM32>\mqsvc.exe.new
  • <SYSTEM32>\mpnotify.exe.new
  • <SYSTEM32>\mqbkup.exe.new
  • <SYSTEM32>\mscdexnt.exe.new
  • <SYSTEM32>\dllcache\asr_fmt.exe.new
  • <SYSTEM32>\mqtgsvc.exe.new
  • <SYSTEM32>\mrinfo.exe.new
  • <SYSTEM32>\netdde.exe.new
  • <SYSTEM32>\dllcache\attrib.exe.new
  • <SYSTEM32>\dllcache\atmadm.exe.new
  • <SYSTEM32>\net1.exe.new
  • <SYSTEM32>\netstat.exe.new
  • <SYSTEM32>\dllcache\auditusr.exe.new
  • <SYSTEM32>\netsetup.exe.new
  • <SYSTEM32>\netsh.exe.new
  • <SYSTEM32>\mstsc.exe.new
  • <SYSTEM32>\narrator.exe.new
  • <SYSTEM32>\msswchx.exe.new
  • <SYSTEM32>\mstinit.exe.new
  • <SYSTEM32>\nddeapir.exe.new
  • <SYSTEM32>\net.exe.new
  • <SYSTEM32>\dllcache\at.exe.new
  • <SYSTEM32>\nbtstat.exe.new
  • <SYSTEM32>\lights.exe.new
  • <SYSTEM32>\lnkstub.exe.new
  • <SYSTEM32>\krnl386.exe.new
  • <SYSTEM32>\label.exe.new
  • <SYSTEM32>\logagent.exe.new
  • <SYSTEM32>\logman.exe.new
  • <SYSTEM32>\locator.exe.new
  • <SYSTEM32>\lodctr.exe.new
  • <SYSTEM32>\imapi.exe.new
  • <SYSTEM32>\dllcache\uploadm.exe.new
  • <SYSTEM32>\ie4uinit.exe.new
  • <SYSTEM32>\iexpress.exe.new
  • <SYSTEM32>\ipv6.exe.new
  • <SYSTEM32>\ipxroute.exe.new
  • <SYSTEM32>\ipconfig.exe.new
  • <SYSTEM32>\ipsec6.exe.new
  • <SYSTEM32>\dllcache\ahui.exe.new
  • <SYSTEM32>\mnmsrvc.exe.new
  • <SYSTEM32>\dllcache\actmovie.exe.new
  • <SYSTEM32>\mmc.exe.new
  • <SYSTEM32>\mountvol.exe.new
  • <SYSTEM32>\mplay32.exe.new
  • <SYSTEM32>\mobsync.exe.new
  • <SYSTEM32>\dllcache\append.exe.new
  • <SYSTEM32>\lpq.exe.new
  • <SYSTEM32>\lpr.exe.new
  • <SYSTEM32>\logoff.exe.new
  • <SYSTEM32>\logonui.exe.new
  • <SYSTEM32>\makecab.exe.new
  • <SYSTEM32>\mem.exe.new
  • <SYSTEM32>\magnify.exe.new
  • <SYSTEM32>\dllcache\accwiz.exe.new
  • <SYSTEM32>\dllcache\moviemk.exe.new
  • <SYSTEM32>\dllcache\bckgzm.exe.new
  • <SYSTEM32>\dllcache\inetwiz.exe.new
  • <SYSTEM32>\dllcache\isignup.exe.new
  • <SYSTEM32>\dllcache\rvsezm.exe.new
  • <SYSTEM32>\dllcache\shvlzm.exe.new
  • <SYSTEM32>\dllcache\chkrzm.exe.new
  • <SYSTEM32>\dllcache\hrtzzm.exe.new
  • <SYSTEM32>\dllcache\iedw.exe.new
  • <SYSTEM32>\dllcache\iexplore.exe.new
  • <SYSTEM32>\dllcache\msinfo32.exe.new
  • <SYSTEM32>\dllcache\sapisvr.exe.new
  • <SYSTEM32>\dllcache\icwrmind.exe.new
  • <SYSTEM32>\dllcache\icwtutor.exe.new
  • <SYSTEM32>\dllcache\icwconn1.exe.new
  • <SYSTEM32>\dllcache\icwconn2.exe.new
  • <SYSTEM32>\dllcache\mplayer2.exe.new
  • <SYSTEM32>\dllcache\setup_wm.exe.new
  • <SYSTEM32>\dllcache\wabmig.exe.new
  • <SYSTEM32>\dllcache\migrate.exe.new
  • <SYSTEM32>\dllcache\wordpad.exe.new
  • <SYSTEM32>\dllcache\pinball.exe.new
  • <SYSTEM32>\dllcache\wmplayer.exe.new
  • <SYSTEM32>\dllcache\dialer.exe.new
  • <SYSTEM32>\dllcache\conf.exe.new
  • <SYSTEM32>\dllcache\wb32.exe.new
  • <SYSTEM32>\dllcache\zclientm.exe.new
  • <SYSTEM32>\dllcache\cb32.exe.new
  • <SYSTEM32>\dllcache\setup50.exe.new
  • <SYSTEM32>\dllcache\wab.exe.new
  • <SYSTEM32>\dllcache\msimn.exe.new
  • <SYSTEM32>\dllcache\oemig50.exe.new
  • %ProgramFiles%\Movie Maker\moviemk.exe.new
  • %ProgramFiles%\MSN Gaming Zone\Windows\bckgzm.exe.new
  • %ProgramFiles%\Internet Explorer\Connection Wizard\inetwiz.exe.new
  • %ProgramFiles%\Internet Explorer\Connection Wizard\isignup.exe.new
  • %ProgramFiles%\MSN Gaming Zone\Windows\rvsezm.exe.new
  • %ProgramFiles%\MSN Gaming Zone\Windows\shvlzm.exe.new
  • %ProgramFiles%\MSN Gaming Zone\Windows\chkrzm.exe.new
  • %ProgramFiles%\MSN Gaming Zone\Windows\hrtzzm.exe.new
  • %ProgramFiles%\Internet Explorer\iedw.exe.new
  • %ProgramFiles%\Internet Explorer\iexplore.exe.new
  • %CommonProgramFiles%\Microsoft Shared\MSInfo\msinfo32.exe.new
  • %CommonProgramFiles%\Microsoft Shared\Speech\sapisvr.exe.new
  • %ProgramFiles%\Internet Explorer\Connection Wizard\icwrmind.exe.new
  • %ProgramFiles%\Internet Explorer\Connection Wizard\icwtutor.exe.new
  • %ProgramFiles%\Internet Explorer\Connection Wizard\icwconn1.exe.new
  • %ProgramFiles%\Internet Explorer\Connection Wizard\icwconn2.exe.new
  • %ProgramFiles%\Windows Media Player\mplayer2.exe.new
  • %ProgramFiles%\Windows Media Player\setup_wm.exe.new
  • %ProgramFiles%\Outlook Express\wabmig.exe.new
  • %ProgramFiles%\Windows Media Player\migrate.exe.new
  • %ProgramFiles%\Windows NT\Accessories\wordpad.exe.new
  • %ProgramFiles%\Windows NT\Pinball\pinball.exe.new
  • %ProgramFiles%\Windows Media Player\wmplayer.exe.new
  • %ProgramFiles%\Windows NT\dialer.exe.new
  • %ProgramFiles%\NetMeeting\conf.exe.new
  • %ProgramFiles%\NetMeeting\wb32.exe.new
  • %ProgramFiles%\MSN Gaming Zone\Windows\zclientm.exe.new
  • %ProgramFiles%\NetMeeting\cb32.exe.new
  • %ProgramFiles%\Outlook Express\setup50.exe.new
  • %ProgramFiles%\Outlook Express\wab.exe.new
  • %ProgramFiles%\Outlook Express\msimn.exe.new
  • %ProgramFiles%\Outlook Express\oemig50.exe.new
  • %WINDIR%\hh.exe.new
  • <SYSTEM32>\auditusr.exe.new
  • <SYSTEM32>\autochk.exe.new
  • <SYSTEM32>\atmadm.exe.new
  • <SYSTEM32>\attrib.exe.new
  • <SYSTEM32>\autolfn.exe.new
  • <SYSTEM32>\blastcln.exe.new
  • <SYSTEM32>\autoconv.exe.new
  • <SYSTEM32>\autofmt.exe.new
  • <SYSTEM32>\append.exe.new
  • <SYSTEM32>\arp.exe.new
  • <SYSTEM32>\actmovie.exe.new
  • <SYSTEM32>\ahui.exe.new
  • <SYSTEM32>\asr_pfu.exe.new
  • <SYSTEM32>\at.exe.new
  • <SYSTEM32>\asr_fmt.exe.new
  • <SYSTEM32>\asr_ldm.exe.new
  • <SYSTEM32>\cisvc.exe.new
  • <SYSTEM32>\ckcnv.exe.new
  • <SYSTEM32>\cidaemon.exe.new
  • <SYSTEM32>\cipher.exe.new
  • <SYSTEM32>\clipsrv.exe.new
  • <SYSTEM32>\cmdl32.exe.new
  • <SYSTEM32>\cleanmgr.exe.new
  • <SYSTEM32>\clipbrd.exe.new
  • <SYSTEM32>\bootvrfy.exe.new
  • <SYSTEM32>\cacls.exe.new
  • <SYSTEM32>\bootcfg.exe.new
  • <SYSTEM32>\bootok.exe.new
  • <SYSTEM32>\chkdsk.exe.new
  • <SYSTEM32>\chkntfs.exe.new
  • <SYSTEM32>\calc.exe.new
  • <SYSTEM32>\charmap.exe.new
  • <SYSTEM32>\dllcache\taskman.exe.new
  • <SYSTEM32>\dllcache\twunk_16.exe.new
  • <SYSTEM32>\dllcache\notepad.exe.new
  • <SYSTEM32>\dllcache\regedit.exe.new
  • <SYSTEM32>\dllcache\winhlp32.exe.new
  • %WINDIR%\Help\Tours\mmTour\tour.exe.new
  • <SYSTEM32>\dllcache\twunk_32.exe.new
  • <SYSTEM32>\dllcache\winhelp.exe.new
  • %WINDIR%\taskman.exe.new
  • %WINDIR%\twunk_16.exe.new
  • %WINDIR%\notepad.exe.new
  • %WINDIR%\regedit.exe.new
  • %WINDIR%\winhlp32.exe.new
  • <SYSTEM32>\dllcache\hh.exe.new
  • %WINDIR%\twunk_32.exe.new
  • %WINDIR%\winhelp.exe.new
  • %WINDIR%\pchealth\helpctr\binaries\helpsvc.exe.new
  • %WINDIR%\pchealth\helpctr\binaries\hscupd.exe.new
  • %WINDIR%\pchealth\helpctr\binaries\helpctr.exe.new
  • %WINDIR%\pchealth\helpctr\binaries\helphost.exe.new
  • %WINDIR%\pchealth\UploadLB\Binaries\uploadm.exe.new
  • <SYSTEM32>\accwiz.exe.new
  • %WINDIR%\pchealth\helpctr\binaries\msconfig.exe.new
  • %WINDIR%\pchealth\helpctr\binaries\notiflag.exe.new
  • C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
  • <SYSTEM32>\dllcache\tourW.exe.new
  • %WINDIR%\inf\unregmp2.exe.new
  • <SYSTEM32>\watchdog.sys.new
  • %WINDIR%\msagent\agentsvr.exe.new
  • %WINDIR%\mui\muisetup.exe.new
  • <SYSTEM32>\dllcache\unregmp2.exe.new
  • <SYSTEM32>\dllcache\watchdog.sys.new
Deletes the following files:
  • <SYSTEM32>\rsvp.exe
  • %WINDIR%\inf\netf56n5.inf
  • %WINDIR%\inf\netfa312.inf
  • <SYSTEM32>\rsnotify.exe
  • %WINDIR%\inf\netex10.inf
  • <SYSTEM32>\rsopprov.exe
  • <SYSTEM32>\rtcshare.exe
  • <SYSTEM32>\rundll32.exe
  • %WINDIR%\inf\netfjvj.inf
  • <SYSTEM32>\runonce.exe
  • <SYSTEM32>\runas.exe
  • %WINDIR%\inf\netfa410.inf
  • %WINDIR%\inf\netfjvi.inf
  • %WINDIR%\inf\netepvcp.inf
  • <SYSTEM32>\routemon.exe
  • %WINDIR%\inf\netel980.inf
  • <SYSTEM32>\rsh.exe
  • <SYSTEM32>\rexec.exe
  • %WINDIR%\inf\netel90b.inf
  • <SYSTEM32>\route.exe
  • %WINDIR%\inf\netel99x.inf
  • %WINDIR%\inf\netepro.inf
  • %WINDIR%\inf\netepvcm.inf
  • <SYSTEM32>\rsmui.exe
  • %WINDIR%\inf\netepicn.inf
  • <SYSTEM32>\rsm.exe
  • <SYSTEM32>\rsmsink.exe
  • %WINDIR%\inf\netfore.inf
  • %WINDIR%\inf\netirda.inf
  • %WINDIR%\inf\netirsir.inf
  • <SYSTEM32>\sessmgr.exe
  • <SYSTEM32>\secedit.exe
  • %WINDIR%\inf\netiprip.inf
  • <SYSTEM32>\services.exe
  • %WINDIR%\inf\netklsi.inf
  • %WINDIR%\inf\netlanem.inf
  • %WINDIR%\inf\netlanep.inf
  • <SYSTEM32>\setver.exe
  • <SYSTEM32>\sethc.exe
  • %WINDIR%\inf\netktc.inf
  • <SYSTEM32>\setup.exe
  • <SYSTEM32>\sdbinst.exe
  • <SYSTEM32>\savedump.exe
  • %WINDIR%\inf\netfxocm.inf
  • %WINDIR%\inf\netgpc.inf
  • %WINDIR%\inf\netforeh.inf
  • <SYSTEM32>\rwinsta.exe
  • %WINDIR%\inf\netfw.inf
  • <SYSTEM32>\sc.exe
  • <SYSTEM32>\schtasks.exe
  • %WINDIR%\inf\netibm2.inf
  • %WINDIR%\inf\netip6.inf
  • %WINDIR%\inf\netias.inf
  • <SYSTEM32>\scardsvr.exe
  • %WINDIR%\inf\netibm.inf
  • %WINDIR%\inf\netcis.inf
  • <SYSTEM32>\rasautou.exe
  • %WINDIR%\inf\netclass.inf
  • %WINDIR%\inf\netcem56.inf
  • %WINDIR%\inf\netcicap.inf
  • <SYSTEM32>\qwinsta.exe
  • <SYSTEM32>\rasdial.exe
  • <SYSTEM32>\rcimlby.exe
  • %WINDIR%\inf\netcpqi.inf
  • <SYSTEM32>\rcp.exe
  • <SYSTEM32>\rasphone.exe
  • %WINDIR%\inf\netcpqc.inf
  • %WINDIR%\inf\netcpqg.inf
  • <SYSTEM32>\qprocess.exe
  • <SYSTEM32>\print.exe
  • <SYSTEM32>\progman.exe
  • %WINDIR%\inf\netcbe.inf
  • %WINDIR%\inf\netcb102.inf
  • <SYSTEM32>\PresentationHost.exe
  • %WINDIR%\inf\netcb325.inf
  • %WINDIR%\inf\netce2.inf
  • %WINDIR%\inf\netcem28.inf
  • <SYSTEM32>\qappsrv.exe
  • %WINDIR%\inf\netcem33.inf
  • <SYSTEM32>\proquota.exe
  • <SYSTEM32>\proxycfg.exe
  • %WINDIR%\inf\netce3.inf
  • %WINDIR%\inf\netcpqmt.inf
  • %WINDIR%\inf\nete100i.inf
  • <SYSTEM32>\regwiz.exe
  • %WINDIR%\inf\netejxmp.inf
  • %WINDIR%\inf\nete1000.inf
  • <SYSTEM32>\regini.exe
  • <SYSTEM32>\regsvr32.exe
  • <SYSTEM32>\relog.exe
  • %WINDIR%\inf\netel5x9.inf
  • %WINDIR%\inf\netel90a.inf
  • <SYSTEM32>\reset.exe
  • %WINDIR%\inf\netel515.inf
  • %WINDIR%\inf\netel574.inf
  • <SYSTEM32>\replace.exe
  • %WINDIR%\inf\netdm.inf
  • <SYSTEM32>\rdsaddin.exe
  • %WINDIR%\inf\netdefxa.inf
  • <SYSTEM32>\rdshost.exe
  • %WINDIR%\inf\netctmrk.inf
  • <SYSTEM32>\rdpclip.exe
  • %WINDIR%\inf\netdav.inf
  • <SYSTEM32>\recover.exe
  • <SYSTEM32>\reg.exe
  • %WINDIR%\inf\netdlh5x.inf
  • <SYSTEM32>\regedt32.exe
  • %WINDIR%\inf\netdf650.inf
  • <SYSTEM32>\redir.exe
  • %WINDIR%\inf\netdgdxb.inf
  • %WINDIR%\inf\netlm.inf
  • <SYSTEM32>\tcmsetup.exe
  • %WINDIR%\inf\netsnip.inf
  • <SYSTEM32>\tcpsvcs.exe
  • %WINDIR%\inf\netsla30.inf
  • %WINDIR%\inf\netsmc.inf
  • <SYSTEM32>\taskmgr.exe
  • %WINDIR%\inf\netsnmp.inf
  • %WINDIR%\inf\nettcpip.inf
  • <SYSTEM32>\tlntadmn.exe
  • %WINDIR%\inf\nettdkb.inf
  • <SYSTEM32>\telnet.exe
  • %WINDIR%\inf\nettb155.inf
  • <SYSTEM32>\tftp.exe
  • <SYSTEM32>\taskman.exe
  • %WINDIR%\inf\netrtsnt.inf
  • %WINDIR%\inf\netrwan.inf
  • %WINDIR%\inf\netsap.inf
  • <SYSTEM32>\sysocmgr.exe
  • %WINDIR%\inf\netrtpnt.inf
  • <SYSTEM32>\systeminfo.exe
  • <SYSTEM32>\systray.exe
  • <SYSTEM32>\tasklist.exe
  • %WINDIR%\inf\netsk98.inf
  • %WINDIR%\inf\netsk_fp.inf
  • %WINDIR%\inf\netserv.inf
  • <SYSTEM32>\taskkill.exe
  • %WINDIR%\inf\netsis.inf
  • <SYSTEM32>\tlntsess.exe
  • <SYSTEM32>\tscupgrd.exe
  • <SYSTEM32>\tsdiscon.exe
  • %WINDIR%\inf\netwlan2.inf
  • %WINDIR%\inf\netw940.inf
  • <SYSTEM32>\tscon.exe
  • %WINDIR%\inf\netwlan.inf
  • <SYSTEM32>\tskill.exe
  • <SYSTEM32>\TsWpfWrp.exe
  • %WINDIR%\inf\netx500.inf
  • %WINDIR%\inf\netx56n5.inf
  • %WINDIR%\inf\netwv48.inf
  • <SYSTEM32>\tsshutdn.exe
  • %WINDIR%\inf\netwzc.inf
  • <SYSTEM32>\tracert6.exe
  • %WINDIR%\inf\nettpsmp.inf
  • <SYSTEM32>\tourstart.exe
  • %WINDIR%\inf\nettun.inf
  • %WINDIR%\inf\nettiger.inf
  • <SYSTEM32>\tlntsvr.exe
  • %WINDIR%\inf\nettpro.inf
  • %WINDIR%\inf\netupnp.inf
  • %WINDIR%\inf\netw840.inf
  • <SYSTEM32>\tracert.exe
  • %WINDIR%\inf\netw926.inf
  • %WINDIR%\inf\netupnph.inf
  • <SYSTEM32>\tracerpt.exe
  • %WINDIR%\inf\netvt86.inf
  • <SYSTEM32>\smbinst.exe
  • %WINDIR%\inf\netngr.inf
  • <SYSTEM32>\smlogsvc.exe
  • <SYSTEM32>\skeys.exe
  • %WINDIR%\inf\netnb.inf
  • %WINDIR%\inf\netnf3.inf
  • %WINDIR%\inf\netnm.inf
  • %WINDIR%\inf\netnwcli.inf
  • <SYSTEM32>\sndvol32.exe
  • <SYSTEM32>\sol.exe
  • <SYSTEM32>\smss.exe
  • %WINDIR%\inf\netnovel.inf
  • <SYSTEM32>\sndrec32.exe
  • %WINDIR%\inf\netmscli.inf
  • <SYSTEM32>\share.exe
  • <SYSTEM32>\shmgrate.exe
  • %WINDIR%\inf\netlnev2.inf
  • <SYSTEM32>\sfc.exe
  • <SYSTEM32>\shadow.exe
  • %WINDIR%\inf\netlm56.inf
  • <SYSTEM32>\shrpubw.exe
  • %WINDIR%\inf\netmadge.inf
  • <SYSTEM32>\sigverif.exe
  • %WINDIR%\inf\netmhzn5.inf
  • %WINDIR%\inf\netloop.inf
  • <SYSTEM32>\shutdown.exe
  • %WINDIR%\inf\netlpd.inf
  • %WINDIR%\inf\netnwlnk.inf
  • <SYSTEM32>\subst.exe
  • %WINDIR%\inf\netrass.inf
  • <SYSTEM32>\svchost.exe
  • %WINDIR%\inf\netpwr2.inf
  • %WINDIR%\inf\netrasa.inf
  • <SYSTEM32>\stimon.exe
  • <SYSTEM32>\syncapp.exe
  • %WINDIR%\inf\netrndis.inf
  • <SYSTEM32>\syskey.exe
  • %WINDIR%\inf\netrsvp.inf
  • %WINDIR%\inf\netrast.inf
  • <SYSTEM32>\sysedit.exe
  • %WINDIR%\inf\netrlw2k.inf
  • %WINDIR%\inf\netpschd.inf
  • %WINDIR%\inf\netosi2c.inf
  • %WINDIR%\inf\netosi5.inf
  • <SYSTEM32>\spiisupd.exe
  • <SYSTEM32>\sort.exe
  • %WINDIR%\inf\netoc.inf
  • <SYSTEM32>\spider.exe
  • %WINDIR%\inf\netpc100.inf
  • %WINDIR%\inf\netpsa.inf
  • <SYSTEM32>\sprestrt.exe
  • <SYSTEM32>\spupdsvc.exe
  • <SYSTEM32>\spnpinst.exe
  • %WINDIR%\inf\netpnic.inf
  • <SYSTEM32>\spoolsv.exe
  • <SYSTEM32>\powercfg.exe
  • %WINDIR%\inf\msoe50.inf
  • <SYSTEM32>\mmc.exe
  • %WINDIR%\inf\msports.inf
  • <SYSTEM32>\migpwd.exe
  • <DRIVERS>\riodrv.sys
  • %WINDIR%\inf\msnmsn.inf
  • <DRIVERS>\RMCast.sys
  • <DRIVERS>\rootmdm.sys
  • %WINDIR%\inf\msrio8.inf
  • <SYSTEM32>\mobsync.exe
  • %WINDIR%\inf\msrio.inf
  • <DRIVERS>\rndismp.sys
  • <SYSTEM32>\mnmsrvc.exe
  • <DRIVERS>\rio8drv.sys
  • <DRIVERS>\rdpwd.sys
  • <SYSTEM32>\lpr.exe
  • <SYSTEM32>\lsass.exe
  • %WINDIR%\inf\msmscsi.inf
  • <SYSTEM32>\lpq.exe
  • %WINDIR%\inf\msmsgs.inf
  • <SYSTEM32>\magnify.exe
  • %WINDIR%\inf\msnetmtg.inf
  • <SYSTEM32>\mem.exe
  • %WINDIR%\inf\msnike.inf
  • %WINDIR%\inf\msmusb.inf
  • <DRIVERS>\redbook.sys
  • <SYSTEM32>\makecab.exe
  • %WINDIR%\inf\mstape.inf
  • %WINDIR%\inf\multiprt.inf
  • <DRIVERS>\sffp_sd.sys
  • <SYSTEM32>\mscdexnt.exe
  • %WINDIR%\inf\multimed.inf
  • <SYSTEM32>\mrinfo.exe
  • <DRIVERS>\sffdisk.sys
  • %WINDIR%\inf\mwavmdm1.inf
  • <DRIVERS>\smclib.sys
  • %WINDIR%\inf\mwremove.inf
  • <DRIVERS>\sonydcam.sys
  • <DRIVERS>\sfloppy.sys
  • <SYSTEM32>\msdtc.exe
  • %WINDIR%\inf\mwmbatam.inf
  • <SYSTEM32>\mqtgsvc.exe
  • <DRIVERS>\sdbus.sys
  • %WINDIR%\inf\mstask.inf
  • <SYSTEM32>\mpnotify.exe
  • <DRIVERS>\scsiport.sys
  • <SYSTEM32>\mountvol.exe
  • <SYSTEM32>\mplay32.exe
  • %WINDIR%\inf\msxpsdrv.inf
  • <SYSTEM32>\mqsvc.exe
  • %WINDIR%\inf\mtxvideo.inf
  • <DRIVERS>\serial.sys
  • <DRIVERS>\secdrv.sys
  • <SYSTEM32>\mqbkup.exe
  • <DRIVERS>\serenum.sys
  • %WINDIR%\inf\monitor7.inf
  • <DRIVERS>\processr.sys
  • <SYSTEM32>\ipsec6.exe
  • <SYSTEM32>\ipconfig.exe
  • %WINDIR%\inf\monitor6.inf
  • <DRIVERS>\pcmcia.sys
  • %WINDIR%\inf\monitor8.inf
  • <SYSTEM32>\ipxroute.exe
  • <DRIVERS>\ptilink.sys
  • <SYSTEM32>\krnl386.exe
  • <SYSTEM32>\ipv6.exe
  • <DRIVERS>\psched.sys
  • %WINDIR%\inf\moviemk.inf
  • <DRIVERS>\pciidex.sys
  • <SYSTEM32>\icardagt.exe
  • %WINDIR%\inf\monitor2.inf
  • %WINDIR%\inf\monitor3.inf
  • %WINDIR%\inf\monitor.inf
  • <DRIVERS>\parport.sys
  • <DRIVERS>\partmgr.sys
  • <SYSTEM32>\ie4uinit.exe
  • <SYSTEM32>\iexpress.exe
  • <SYSTEM32>\imapi.exe
  • %WINDIR%\inf\monitor5.inf
  • <DRIVERS>\parvdm.sys
  • %WINDIR%\inf\monitor4.inf
  • <DRIVERS>\pci.sys
  • %WINDIR%\inf\mpe.inf
  • <DRIVERS>\rdbss.sys
  • <SYSTEM32>\logagent.exe
  • %WINDIR%\inf\msinfo32.inf
  • <DRIVERS>\rawwan.sys
  • <SYSTEM32>\lodctr.exe
  • %WINDIR%\inf\mshdc.inf
  • <SYSTEM32>\logman.exe
  • <SYSTEM32>\logonui.exe
  • <DRIVERS>\rdpdr.sys
  • %WINDIR%\inf\msmqocm.inf
  • %WINDIR%\inf\msmouse.inf
  • <DRIVERS>\rdpcdd.sys
  • <SYSTEM32>\logoff.exe
  • %WINDIR%\inf\msdv.inf
  • <SYSTEM32>\lights.exe
  • <DRIVERS>\rasl2tp.sys
  • %WINDIR%\inf\mpsstln.inf
  • <SYSTEM32>\label.exe
  • <DRIVERS>\rasacd.sys
  • %WINDIR%\inf\mplayer2.inf
  • <SYSTEM32>\lnkstub.exe
  • <DRIVERS>\raspptp.sys
  • <DRIVERS>\raspti.sys
  • %WINDIR%\inf\mscpqpa1.inf
  • <DRIVERS>\raspppoe.sys
  • %WINDIR%\inf\mqsysoc.inf
  • <SYSTEM32>\locator.exe
  • <SYSTEM32>\msg.exe
  • %WINDIR%\inf\netambi.inf
  • <DRIVERS>\volsnap.sys
  • <SYSTEM32>\ntvdm.exe
  • %WINDIR%\inf\netali.inf
  • <DRIVERS>\videoprt.sys
  • <SYSTEM32>\ntsd.exe
  • %WINDIR%\inf\netamd.inf
  • %WINDIR%\inf\netamd2.inf
  • %WINDIR%\inf\netamdhl.inf
  • <DRIVERS>\wmilib.sys
  • <SYSTEM32>\nw16.exe
  • <DRIVERS>\wanarp.sys
  • <SYSTEM32>\nwscript.exe
  • <SYSTEM32>\ntoskrnl.exe
  • <SYSTEM32>\notepad.exe
  • <DRIVERS>\usbintel.sys
  • <SYSTEM32>\nslookup.exe
  • <DRIVERS>\usbcamd.sys
  • %WINDIR%\inf\net656n5.inf
  • <DRIVERS>\usbcamd2.sys
  • <SYSTEM32>\ntbackup.exe
  • <DRIVERS>\vga.sys
  • <SYSTEM32>\ntkrnlpa.exe
  • %WINDIR%\inf\net8511.inf
  • %WINDIR%\inf\net713.inf
  • <DRIVERS>\vdmindvd.sys
  • %WINDIR%\inf\net83820.inf
  • <SYSTEM32>\odbcad32.exe
  • %WINDIR%\inf\netbcm4p.inf
  • <SYSTEM32>\pentnt.exe
  • %WINDIR%\inf\netbcm4u.inf
  • <SYSTEM32>\packager.exe
  • %WINDIR%\inf\netbcm4e.inf
  • <SYSTEM32>\pathping.exe
  • %WINDIR%\inf\netbeac.inf
  • %WINDIR%\inf\netbrdgs.inf
  • <SYSTEM32>\ping6.exe
  • %WINDIR%\inf\netbrzw.inf
  • <SYSTEM32>\perfmon.exe
  • %WINDIR%\inf\netbrdgm.inf
  • <SYSTEM32>\ping.exe
  • <DRIVERS>\xxx_svga.sys
  • <SYSTEM32>\openfiles.exe
  • %WINDIR%\inf\netana.inf
  • <DRIVERS>\xrwebvirtnet.sys
  • <SYSTEM32>\odbcconf.exe
  • %WINDIR%\inf\netan983.inf
  • <DRIVERS>\ws2ifsl.sys
  • <SYSTEM32>\osk.exe
  • %WINDIR%\inf\netauni.inf
  • <DRIVERS>\XXSCSI.sys
  • %WINDIR%\inf\netb57xp.inf
  • %WINDIR%\inf\netasp2k.inf
  • <DRIVERS>\xxhgfs.sys
  • <SYSTEM32>\osuninst.exe
  • %WINDIR%\inf\neo20xx.inf
  • <DRIVERS>\tcpip.sys
  • <DRIVERS>\tcpip6.sys
  • <DRIVERS>\tape.sys
  • %WINDIR%\inf\ndisuio.inf
  • <SYSTEM32>\msswchx.exe
  • <SYSTEM32>\mstinit.exe
  • <SYSTEM32>\narrator.exe
  • %WINDIR%\inf\net1394.inf
  • <SYSTEM32>\nbtstat.exe
  • %WINDIR%\inf\net10.inf
  • <DRIVERS>\tdi.sys
  • <SYSTEM32>\mstsc.exe
  • %WINDIR%\inf\ndisip.inf
  • %WINDIR%\inf\mxboard.inf
  • <SYSTEM32>\mshta.exe
  • %WINDIR%\inf\mxport.inf
  • %WINDIR%\inf\mwtpdsp.inf
  • <DRIVERS>\sr.sys
  • <SYSTEM32>\mshearts.exe
  • <DRIVERS>\srv.sys
  • <DRIVERS>\stream.sys
  • <SYSTEM32>\mspaint.exe
  • <DRIVERS>\swenum.sys
  • %WINDIR%\inf\mymusic.inf
  • <SYSTEM32>\msiexec.exe
  • %WINDIR%\inf\nabtsfec.inf
  • <DRIVERS>\tdpipe.sys
  • %WINDIR%\inf\net559ib.inf
  • <DRIVERS>\udfs.sys
  • <DRIVERS>\update.sys
  • <DRIVERS>\tunmp.sys
  • %WINDIR%\inf\net557.inf
  • <SYSTEM32>\netsetup.exe
  • %WINDIR%\inf\net575nt.inf
  • %WINDIR%\inf\net650d.inf
  • <SYSTEM32>\nlsfunc.exe
  • %WINDIR%\inf\net656c5.inf
  • <SYSTEM32>\netsh.exe
  • <SYSTEM32>\netstat.exe
  • <DRIVERS>\usb8023.sys
  • %WINDIR%\inf\net5515n.inf
  • %WINDIR%\inf\net21x4.inf
  • %WINDIR%\inf\net3c556.inf
  • %WINDIR%\inf\net3c589.inf
  • <DRIVERS>\tdtcp.sys
  • <SYSTEM32>\nddeapir.exe
  • <DRIVERS>\termdd.sys
  • <SYSTEM32>\net.exe
  • %WINDIR%\inf\net3sr.inf
  • <DRIVERS>\tsbvcap.sys
  • <SYSTEM32>\netdde.exe
  • <DRIVERS>\tosdvd.sys
  • %WINDIR%\inf\net3c985.inf
  • <SYSTEM32>\net1.exe
  • <SYSTEM32>\dllcache\evntcmd.exe
  • <SYSTEM32>\dllcache\evntwin.exe
  • <SYSTEM32>\dllcache\evtrig.exe
  • <SYSTEM32>\dllcache\eudcedit.exe
  • <SYSTEM32>\dllcache\evcreate.exe
  • <SYSTEM32>\dllcache\eventvwr.exe
  • <SYSTEM32>\dllcache\EXCH_regtrace.exe
  • <SYSTEM32>\dllcache\extrac32.exe
  • <SYSTEM32>\dllcache\fastopen.exe
  • <SYSTEM32>\dllcache\fc.exe
  • <SYSTEM32>\dllcache\exe2bin.exe
  • <SYSTEM32>\dllcache\expand.exe
  • <SYSTEM32>\dllcache\explorer.exe
  • <SYSTEM32>\dllcache\esentutl.exe
  • <SYSTEM32>\dllcache\dpvsetup.exe
  • %WINDIR%\inf\xscan_xp.inf
  • <SYSTEM32>\dllcache\drvqry.exe
  • <SYSTEM32>\dllcache\dpnsvr.exe
  • %WINDIR%\inf\wtv4.inf
  • %WINDIR%\inf\wtv5.inf
  • <SYSTEM32>\dllcache\drwatson.exe
  • <SYSTEM32>\dllcache\dwwin.exe
  • <SYSTEM32>\dllcache\dxdiag.exe
  • <SYSTEM32>\dllcache\edlin.exe
  • <SYSTEM32>\dllcache\drwtsn32.exe
  • <SYSTEM32>\dllcache\dumprep.exe
  • <SYSTEM32>\dllcache\dvdupgrd.exe
  • <SYSTEM32>\dllcache\find.exe
  • <SYSTEM32>\dllcache\fxscover.exe
  • <SYSTEM32>\dllcache\fxssend.exe
  • <SYSTEM32>\dllcache\fxssvc.exe
  • <SYSTEM32>\dllcache\fsutil.exe
  • <SYSTEM32>\dllcache\ftp.exe
  • <SYSTEM32>\dllcache\fxsclnt.exe
  • <SYSTEM32>\dllcache\gdi.exe
  • <SYSTEM32>\dllcache\grpconv.exe
  • <SYSTEM32>\dllcache\help.exe
  • <SYSTEM32>\dllcache\helpctr.exe
  • <SYSTEM32>\dllcache\getmac.exe
  • <SYSTEM32>\dllcache\gprslt.exe
  • <SYSTEM32>\dllcache\gpupdate.exe
  • <SYSTEM32>\dllcache\freecell.exe
  • <SYSTEM32>\dllcache\flattemp.exe
  • %WINDIR%\Driver Cache\i386\mxdwdui.ini
  • <SYSTEM32>\dllcache\fltmc.exe
  • <SYSTEM32>\dllcache\findstr.exe
  • <SYSTEM32>\dllcache\finger.exe
  • <SYSTEM32>\dllcache\fixmapi.exe
  • <SYSTEM32>\dllcache\fontview.exe
  • <SYSTEM32>\dllcache\fpadmcgi.exe
  • <SYSTEM32>\dllcache\fpcount.exe
  • <SYSTEM32>\dllcache\fpremadm.exe
  • <SYSTEM32>\dllcache\forcedos.exe
  • <SYSTEM32>\dllcache\fp98sadm.exe
  • <SYSTEM32>\dllcache\fp98swin.exe
  • %WINDIR%\inf\wfp3.inf
  • <SYSTEM32>\dllcache\ctfmon.exe
  • %WINDIR%\inf\wfp4.inf
  • %WINDIR%\inf\wfp1.inf
  • %WINDIR%\inf\wfp2.inf
  • <SYSTEM32>\dllcache\csrss.exe
  • <SYSTEM32>\dllcache\davcdata.exe
  • %WINDIR%\inf\wfp6.inf
  • <SYSTEM32>\dllcache\debug.exe
  • <SYSTEM32>\dllcache\defrag.exe
  • <SYSTEM32>\dllcache\dcomcnfg.exe
  • %WINDIR%\inf\wfp5.inf
  • <SYSTEM32>\dllcache\ddeshare.exe
  • <SYSTEM32>\dllcache\cscript.exe
  • <SYSTEM32>\dllcache\control.exe
  • %WINDIR%\inf\wdma_via.inf
  • <SYSTEM32>\dllcache\convert.exe
  • %WINDIR%\inf\wdma_sis.inf
  • <SYSTEM32>\dllcache\conime.exe
  • %WINDIR%\inf\wdma_usb.inf
  • %WINDIR%\inf\wdma_ym2.inf
  • %WINDIR%\inf\wdmjoy.inf
  • <SYSTEM32>\dllcache\cprofile.exe
  • %WINDIR%\inf\wfp0.inf
  • <SYSTEM32>\dllcache\convlog.exe
  • <SYSTEM32>\dllcache\cplexe.exe
  • %WINDIR%\inf\wdma_ymh.inf
  • %WINDIR%\inf\wfp7.inf
  • %WINDIR%\inf\wsh.inf
  • <SYSTEM32>\dllcache\dmremote.exe
  • %WINDIR%\inf\wstcodec.inf
  • %WINDIR%\inf\wordpad.inf
  • <SYSTEM32>\dllcache\dllhst3g.exe
  • <SYSTEM32>\dllcache\dmadmin.exe
  • <SYSTEM32>\dllcache\doskey.exe
  • <SYSTEM32>\dllcache\dosx.exe
  • %WINDIR%\inf\wtv3.inf
  • <SYSTEM32>\dllcache\dplaysvr.exe
  • %WINDIR%\inf\wtv0.inf
  • %WINDIR%\inf\wtv1.inf
  • %WINDIR%\inf\wtv2.inf
  • %WINDIR%\inf\wmtour.inf
  • %WINDIR%\inf\wmaccess.inf
  • %WINDIR%\inf\wmdm.inf
  • <SYSTEM32>\dllcache\dialer.exe
  • %WINDIR%\inf\wfp8.inf
  • <SYSTEM32>\dllcache\dfrgfat.exe
  • <SYSTEM32>\dllcache\dfrgntfs.exe
  • <SYSTEM32>\dllcache\diantz.exe
  • %WINDIR%\inf\wmpocm.inf
  • <SYSTEM32>\dllcache\diskperf.exe
  • <SYSTEM32>\dllcache\dllhost.exe
  • %WINDIR%\inf\wmfsdk.inf
  • %WINDIR%\inf\wmp.inf
  • <SYSTEM32>\dllcache\diskpart.exe
  • <SYSTEM32>\dllcache\helphost.exe
  • <SYSTEM32>\dllcache\mscdexnt.exe
  • <SYSTEM32>\dllcache\msconfig.exe
  • <SYSTEM32>\dllcache\msdtc.exe
  • <SYSTEM32>\dllcache\mqsvc.exe
  • <SYSTEM32>\dllcache\mqtgsvc.exe
  • <SYSTEM32>\dllcache\mrinfo.exe
  • <SYSTEM32>\dllcache\msg.exe
  • %WINDIR%\ocx\comct232.inf
  • <SYSTEM32>\dllcache\msimn.exe
  • %WINDIR%\ocx\comct332.inf
  • <SYSTEM32>\dllcache\mshearts.exe
  • <SYSTEM32>\dllcache\mshta.exe
  • <SYSTEM32>\dllcache\msiexec.exe
  • <SYSTEM32>\dllcache\mqbkup.exe
  • <SYSTEM32>\dllcache\migwiz_a.exe
  • <SYSTEM32>\dllcache\mmc.exe
  • <SYSTEM32>\dllcache\mnmsrvc.exe
  • <SYSTEM32>\dllcache\migrate.exe
  • <SYSTEM32>\dllcache\migregdb.exe
  • <SYSTEM32>\dllcache\migwiz.exe
  • <SYSTEM32>\dllcache\mobsync.exe
  • <SYSTEM32>\dllcache\mplay32.exe
  • <SYSTEM32>\dllcache\mplayer2.exe
  • <SYSTEM32>\dllcache\mpnotify.exe
  • <SYSTEM32>\dllcache\mofcomp.exe
  • <SYSTEM32>\dllcache\mountvol.exe
  • <SYSTEM32>\dllcache\moviemk.exe
  • <SYSTEM32>\dllcache\msinfo32.exe
  • <SYSTEM32>\dllcache\narrator.exe
  • %WINDIR%\ocx\mscdrun.inf
  • %WINDIR%\ocx\mschrt20.inf
  • %WINDIR%\ocx\msadodc.inf
  • <SYSTEM32>\dllcache\muisetup.exe
  • %WINDIR%\ocx\msbind.inf
  • <SYSTEM32>\dllcache\nbtstat.exe
  • <SYSTEM32>\dllcache\net.exe
  • <SYSTEM32>\dllcache\net1.exe
  • %WINDIR%\ocx\mscomm32.inf
  • <SYSTEM32>\dllcache\nddeapir.exe
  • %WINDIR%\ocx\mscomct2.inf
  • %WINDIR%\ocx\mscomctl.inf
  • <SYSTEM32>\dllcache\mtstocom.exe
  • %WINDIR%\ocx\dbadapt.inf
  • <SYSTEM32>\dllcache\msoobe.exe
  • <SYSTEM32>\dllcache\mspaint.exe
  • %WINDIR%\ocx\comctl32.inf
  • <SYSTEM32>\dllcache\msiregmv.exe
  • %WINDIR%\ocx\comdlg32.inf
  • %WINDIR%\ocx\dbgrid32.inf
  • <SYSTEM32>\dllcache\mstsc.exe
  • %WINDIR%\ocx\mci32.inf
  • %WINDIR%\ocx\msaddndr.inf
  • <SYSTEM32>\dllcache\msswchx.exe
  • %WINDIR%\ocx\dblist32.inf
  • <SYSTEM32>\dllcache\mstinit.exe
  • <SYSTEM32>\dllcache\imekrmig.exe
  • <SYSTEM32>\dllcache\imepadsv.exe
  • <SYSTEM32>\dllcache\imjpdadm.exe
  • <SYSTEM32>\dllcache\iisrstas.exe
  • <SYSTEM32>\dllcache\iissync.exe
  • <SYSTEM32>\dllcache\imapi.exe
  • <SYSTEM32>\dllcache\imjpdct.exe
  • <SYSTEM32>\dllcache\imjprw.exe
  • <SYSTEM32>\dllcache\imjpuex.exe
  • <SYSTEM32>\dllcache\imjputy.exe
  • <SYSTEM32>\dllcache\imjpdsvr.exe
  • <SYSTEM32>\dllcache\imjpinst.exe
  • <SYSTEM32>\dllcache\imjpmig.exe
  • <SYSTEM32>\dllcache\iisreset.exe
  • <SYSTEM32>\dllcache\hrtzzm.exe
  • <SYSTEM32>\dllcache\hscupd.exe
  • <SYSTEM32>\dllcache\icwconn1.exe
  • <SYSTEM32>\dllcache\helpsvc.exe
  • <SYSTEM32>\dllcache\hh.exe
  • <SYSTEM32>\dllcache\hostname.exe
  • <SYSTEM32>\dllcache\icwconn2.exe
  • <SYSTEM32>\dllcache\iedw.exe
  • <SYSTEM32>\dllcache\iexplore.exe
  • <SYSTEM32>\dllcache\iexpress.exe
  • <SYSTEM32>\dllcache\icwrmind.exe
  • <SYSTEM32>\dllcache\icwtutor.exe
  • <SYSTEM32>\dllcache\ie4uinit.exe
  • <SYSTEM32>\dllcache\imkrinst.exe
  • <SYSTEM32>\dllcache\logoff.exe
  • <SYSTEM32>\dllcache\logonui.exe
  • <SYSTEM32>\dllcache\lpq.exe
  • <SYSTEM32>\dllcache\lodctr.exe
  • <SYSTEM32>\dllcache\logagent.exe
  • <SYSTEM32>\dllcache\logman.exe
  • <SYSTEM32>\dllcache\lpr.exe
  • <SYSTEM32>\dllcache\mem.exe
  • <SYSTEM32>\dllcache\migisol.exe
  • <SYSTEM32>\dllcache\migload.exe
  • <SYSTEM32>\dllcache\lsass.exe
  • <SYSTEM32>\dllcache\magnify.exe
  • <SYSTEM32>\dllcache\makecab.exe
  • <SYSTEM32>\dllcache\locator.exe
  • <SYSTEM32>\dllcache\inetwiz.exe
  • <SYSTEM32>\dllcache\ipconfig.exe
  • <SYSTEM32>\dllcache\ipsec6.exe
  • <SYSTEM32>\dllcache\imscinst.exe
  • <SYSTEM32>\dllcache\inetin51.exe
  • <SYSTEM32>\dllcache\inetmgr.exe
  • <SYSTEM32>\dllcache\ipv6.exe
  • <SYSTEM32>\dllcache\label.exe
  • <SYSTEM32>\dllcache\lights.exe
  • <SYSTEM32>\dllcache\lnkstub.exe
  • <SYSTEM32>\dllcache\ipxroute.exe
  • <SYSTEM32>\dllcache\isignup.exe
  • <SYSTEM32>\dllcache\krnl386.exe
  • <SYSTEM32>\dllcache\conf.exe
  • <SYSTEM32>\wuauclt1.exe
  • %WINDIR%\inf\ricoh.inf
  • %WINDIR%\inf\rootau.inf
  • <SYSTEM32>\wuauclt.exe
  • %WINDIR%\inf\qmgr.inf
  • %WINDIR%\inf\ramdisk.inf
  • <SYSTEM32>\wupdmgr.exe
  • %WINDIR%\inf\s3savmx.inf
  • %WINDIR%\inf\s3trio3d.inf
  • %WINDIR%\inf\sapi5.inf
  • %WINDIR%\inf\s3sav3d.inf
  • %WINDIR%\inf\s3sav4.inf
  • <SYSTEM32>\xcopy.exe
  • %WINDIR%\inf\ptpusb.inf
  • %WINDIR%\inf\ppa.inf
  • %WINDIR%\inf\ppa3.inf
  • <SYSTEM32>\wpabaln.exe
  • <SYSTEM32>\wowdeb.exe
  • %WINDIR%\inf\pnpscsi.inf
  • <SYSTEM32>\wowexec.exe
  • %WINDIR%\inf\printupg.inf
  • <SYSTEM32>\write.exe
  • <SYSTEM32>\wscntfy.exe
  • <SYSTEM32>\wscript.exe
  • <SYSTEM32>\wpnpinst.exe
  • %WINDIR%\inf\prtupg9x.inf
  • %WINDIR%\inf\ps5333.inf
  • %WINDIR%\inf\sbp2.inf
  • %WINDIR%\inf\sisv6326.inf
  • %WINDIR%\inf\skins.inf
  • %WINDIR%\inf\slip.inf
  • %WINDIR%\inf\sis300i.inf
  • %WINDIR%\inf\sis6306.inf
  • %WINDIR%\inf\sisgr.inf
  • %WINDIR%\inf\smartcrd.inf
  • %WINDIR%\inf\spxports.inf
  • %WINDIR%\inf\sr.inf
  • %WINDIR%\inf\srchasst.inf
  • %WINDIR%\inf\smi.inf
  • %WINDIR%\inf\sonypvu1.inf
  • %WINDIR%\inf\spx.inf
  • %WINDIR%\inf\shl_img.inf
  • %WINDIR%\inf\sdbus.inf
  • %WINDIR%\inf\sdwndr2k.inf
  • %WINDIR%\inf\secdrv.inf
  • %WINDIR%\inf\sceregvl.inf
  • %WINDIR%\inf\scsi.inf
  • %WINDIR%\inf\scsidev.inf
  • %WINDIR%\inf\secrecs.inf
  • <SYSTEM32>\Com\comrereg.exe
  • %WINDIR%\inf\sgiu.inf
  • %WINDIR%\inf\shell.inf
  • %WINDIR%\inf\setupqry.inf
  • %WINDIR%\inf\sffdisk.inf
  • <SYSTEM32>\Com\comrepl.exe
  • <SYSTEM32>\usrprbda.exe
  • %WINDIR%\inf\oem0.inf
  • %WINDIR%\inf\oem1.inf
  • %WINDIR%\inf\nvts.inf
  • <SYSTEM32>\usrmlnka.exe
  • %WINDIR%\inf\oeaccess.inf
  • %WINDIR%\inf\oem2.inf
  • <SYSTEM32>\utilman.exe
  • %WINDIR%\inf\ovcam.inf
  • %WINDIR%\inf\ovcomp.inf
  • <SYSTEM32>\usrshuta.exe
  • %WINDIR%\inf\oobe.inf
  • %WINDIR%\inf\optional.inf
  • %WINDIR%\inf\nvdm.inf
  • <SYSTEM32>\unlodctr.exe
  • <SYSTEM32>\upnpcont.exe
  • %WINDIR%\inf\ntgrip.inf
  • <SYSTEM32>\typeperf.exe
  • %WINDIR%\inf\netxcpq.inf
  • %WINDIR%\inf\ntapm.inf
  • %WINDIR%\inf\ntprint.inf
  • %WINDIR%\inf\nv4_disp.inf
  • %WINDIR%\inf\nvct.inf
  • <SYSTEM32>\userinit.exe
  • <SYSTEM32>\ups.exe
  • %WINDIR%\inf\nv3.inf
  • <SYSTEM32>\user.exe
  • <SYSTEM32>\verifier.exe
  • <SYSTEM32>\winlogon.exe
  • %WINDIR%\inf\phil2vid.inf
  • <SYSTEM32>\winmine.exe
  • <SYSTEM32>\winhlp32.exe
  • %WINDIR%\inf\phdsext.inf
  • %WINDIR%\inf\phil1vid.inf
  • <SYSTEM32>\winmsd.exe
  • %WINDIR%\inf\pinball.inf
  • <SYSTEM32>\winver.exe
  • %WINDIR%\inf\pmxmcro.inf
  • %WINDIR%\inf\phildec.inf
  • <SYSTEM32>\winspool.exe
  • %WINDIR%\inf\philtune.inf
  • <SYSTEM32>\winchat.exe
  • %WINDIR%\inf\p2p.inf
  • <SYSTEM32>\vwipxspx.exe
  • %WINDIR%\inf\parhmse.inf
  • %WINDIR%\inf\ovsound.inf
  • <SYSTEM32>\vssadmin.exe
  • <SYSTEM32>\vssvc.exe
  • <SYSTEM32>\w32tm.exe
  • %WINDIR%\inf\perm2.inf
  • <SYSTEM32>\wiaacmgr.exe
  • %WINDIR%\inf\perm3.inf
  • %WINDIR%\inf\pchealth.inf
  • %WINDIR%\inf\pcmcia.inf
  • <SYSTEM32>\wextract.exe
  • %WINDIR%\inf\srusbusd.inf
  • <SYSTEM32>\dllcache\chkdsk.exe
  • <SYSTEM32>\dllcache\chkntfs.exe
  • %WINDIR%\inf\wdma10k1.inf
  • %WINDIR%\inf\wbfirdma.inf
  • <SYSTEM32>\dllcache\chgusr.exe
  • %WINDIR%\inf\wceusbsh.inf
  • <SYSTEM32>\dllcache\chkrzm.exe
  • %WINDIR%\inf\wdma_aur.inf
  • <SYSTEM32>\dllcache\cintsetp.exe
  • %WINDIR%\inf\wdma_avc.inf
  • %WINDIR%\inf\wdmaudio.inf
  • %WINDIR%\inf\wdma_ali.inf
  • <SYSTEM32>\dllcache\cidaemon.exe
  • %WINDIR%\inf\wbemsnmp.inf
  • %WINDIR%\inf\volsnap.inf
  • <SYSTEM32>\dllcache\cfgwiz.exe
  • %WINDIR%\inf\volume.inf
  • <SYSTEM32>\dllcache\calc.exe
  • %WINDIR%\inf\viafir2k.inf
  • <SYSTEM32>\dllcache\cb32.exe
  • <SYSTEM32>\dllcache\change.exe
  • <SYSTEM32>\dllcache\chglogon.exe
  • %WINDIR%\inf\wbemoc.inf
  • <SYSTEM32>\dllcache\chgport.exe
  • %WINDIR%\inf\wab50.inf
  • <SYSTEM32>\dllcache\charmap.exe
  • %WINDIR%\inf\wave.inf
  • %WINDIR%\inf\wdma_azt.inf
  • %WINDIR%\inf\wdma_ess.inf
  • <SYSTEM32>\dllcache\comp.exe
  • %WINDIR%\inf\wdma_int.inf
  • <SYSTEM32>\dllcache\cmmon32.exe
  • %WINDIR%\inf\wdma_es3.inf
  • <SYSTEM32>\dllcache\cmstp.exe
  • <SYSTEM32>\dllcache\compact.exe
  • <SYSTEM32>\dllcache\comrereg.exe
  • %WINDIR%\inf\wdma_neo.inf
  • %WINDIR%\inf\wdma_rip.inf
  • %WINDIR%\inf\wdma_m2e.inf
  • <SYSTEM32>\dllcache\comrepl.exe
  • %WINDIR%\inf\wdma_ne2.inf
  • %WINDIR%\inf\wdma_es2.inf
  • %WINDIR%\inf\wdma_csf.inf
  • <SYSTEM32>\dllcache\ckcnv.exe
  • %WINDIR%\inf\wdma_ctl.inf
  • <SYSTEM32>\dllcache\cipher.exe
  • %WINDIR%\inf\wdma_csc.inf
  • <SYSTEM32>\dllcache\cisvc.exe
  • <SYSTEM32>\dllcache\cleanmgr.exe
  • <SYSTEM32>\dllcache\cmd.exe
  • %WINDIR%\inf\wdma_ens.inf
  • <SYSTEM32>\dllcache\cmdl32.exe
  • <SYSTEM32>\dllcache\clipbrd.exe
  • %WINDIR%\inf\wdma_cwr.inf
  • <SYSTEM32>\dllcache\clipsrv.exe
  • %WINDIR%\inf\tape.inf
  • <SYSTEM32>\dllcache\append.exe
  • %WINDIR%\inf\tdibth.inf
  • <SYSTEM32>\dllcache\ahui.exe
  • <SYSTEM32>\dllcache\alg.exe
  • %WINDIR%\inf\tabletpc.inf
  • %WINDIR%\inf\tgiu.inf
  • %WINDIR%\inf\tridkb.inf
  • <SYSTEM32>\dllcache\asr_ldm.exe
  • %WINDIR%\inf\tridxp.inf
  • <SYSTEM32>\dllcache\arp.exe
  • <SYSTEM32>\dllcache\asr_fmt.exe
  • %WINDIR%\inf\trid3d.inf
  • %WINDIR%\inf\syssetup.inf
  • %WINDIR%\inf\streamip.inf
  • %WINDIR%\inf\svcpack.inf
  • <SYSTEM32>\dllcache\accwiz.exe
  • %WINDIR%\inf\stalport.inf
  • %WINDIR%\inf\sti.inf
  • %WINDIR%\inf\stillcam.inf
  • %WINDIR%\inf\swflash.inf
  • %WINDIR%\inf\syscomp.inf
  • <SYSTEM32>\dllcache\agentsvr.exe
  • %WINDIR%\inf\sysoc.inf
  • <SYSTEM32>\dllcache\actmovie.exe
  • %WINDIR%\inf\swnt.inf
  • <SYSTEM32>\dllcache\admin.exe
  • %WINDIR%\inf\tsbvcap.inf
  • <SYSTEM32>\dllcache\bckgzm.exe
  • %WINDIR%\inf\usbprint.inf
  • <SYSTEM32>\dllcache\blastcln.exe
  • %WINDIR%\inf\usb.inf
  • <SYSTEM32>\dllcache\autolfn.exe
  • %WINDIR%\inf\usbport.inf
  • <SYSTEM32>\dllcache\bootcfg.exe
  • <SYSTEM32>\dllcache\bootvrfy.exe
  • <SYSTEM32>\dllcache\cacls.exe
  • %WINDIR%\inf\vgx.inf
  • %WINDIR%\inf\usbstor.inf
  • %WINDIR%\inf\usbvideo.inf
  • <SYSTEM32>\dllcache\bootok.exe
  • <SYSTEM32>\dllcache\autofmt.exe
  • %WINDIR%\inf\tsoc.inf
  • <SYSTEM32>\dllcache\atmadm.exe
  • <SYSTEM32>\dllcache\attrib.exe
  • <SYSTEM32>\dllcache\asr_pfu.exe
  • <SYSTEM32>\dllcache\at.exe
  • %WINDIR%\inf\tshoot.inf
  • %WINDIR%\inf\umax.inf
  • <SYSTEM32>\dllcache\autochk.exe
  • %WINDIR%\inf\unknown.inf
  • <SYSTEM32>\dllcache\autoconv.exe
  • <SYSTEM32>\dllcache\auditusr.exe
  • %WINDIR%\inf\umaxpp.inf
  • <SYSTEM32>\dllcache\author.exe
  • <SYSTEM32>\hostname.exe
  • %WINDIR%\inf\ks.inf
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
  • <SYSTEM32>\dllcache\dmboot.sys
  • %WINDIR%\inf\kodak.inf
  • <SYSTEM32>\dllcache\diskdump.sys
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
  • %WINDIR%\inf\kscaptur.inf
  • %WINDIR%\inf\ksfilter.inf
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
  • %WINDIR%\inf\layout.inf
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
  • <SYSTEM32>\dllcache\dmio.sys
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
  • %WINDIR%\inf\irtos4mo.inf
  • <SYSTEM32>\dllcache\cdfs.sys
  • %WINDIR%\inf\irstusb.inf
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\ngen.exe
  • <SYSTEM32>\dllcache\cap7146.sys
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
  • %WINDIR%\inf\kdkscan.inf
  • %WINDIR%\inf\keyboard.inf
  • <SYSTEM32>\dllcache\country.sys
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\vbc.exe
  • %WINDIR%\inf\kdk2x0.inf
  • <SYSTEM32>\dllcache\classpnp.sys
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
  • %WINDIR%\inf\mdac.inf
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\jsc.exe
  • <SYSTEM32>\dllcache\fips.sys
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
  • <SYSTEM32>\dllcache\fastfat.sys
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
  • %WINDIR%\inf\mdm3com.inf
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
  • %WINDIR%\inf\mdm3mini.inf
  • %WINDIR%\inf\mdm5674a.inf
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
  • %WINDIR%\inf\mdm3cpcm.inf
  • <SYSTEM32>\dllcache\fltmgr.sys
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
  • <SYSTEM32>\dllcache\dxapi.sys
  • %WINDIR%\inf\lwngmadi.inf
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe
  • <SYSTEM32>\dllcache\dmload.sys
  • %WINDIR%\inf\legcydrv.inf
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
  • %WINDIR%\inf\mchgr.inf
  • <SYSTEM32>\dllcache\et4000.sys
  • %WINDIR%\inf\lwusbhid.inf
  • <SYSTEM32>\dllcache\dxgthk.sys
  • %WINDIR%\inf\machine.inf
  • %WINDIR%\inf\icwnt5.inf
  • %WINDIR%\inf\ie.inf
  • %WINDIR%\inf\ieaccess.inf
  • %WINDIR%\inf\icam4usb.inf
  • %WINDIR%\inf\icam5usb.inf
  • %WINDIR%\inf\icminst.inf
  • %WINDIR%\inf\iereset.inf
  • %WINDIR%\inf\igames.inf
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
  • %WINDIR%\inf\iis.inf
  • %WINDIR%\Microsoft.NET\Framework\NETFXSBS10.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
  • %WINDIR%\inf\icam3.inf
  • <SYSTEM32>\win32k.sys
  • %WINDIR%\Microsoft.NET\NETFXRepair.exe
  • %WINDIR%\inf\hidserv.inf
  • %WINDIR%\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe
  • %WINDIR%\inf\HidDigi.inf
  • <SYSTEM32>\watchdog.sys
  • %WINDIR%\inf\hpdigwia.inf
  • %WINDIR%\inf\i740nt5.inf
  • %WINDIR%\inf\i81xnt5.inf
  • %WINDIR%\inf\ibmvcap.inf
  • %WINDIR%\inf\hpojscan.inf
  • %WINDIR%\inf\hpscan.inf
  • %WINDIR%\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
  • <SYSTEM32>\dllcache\atmlane.sys
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\jsc.exe
  • <SYSTEM32>\dllcache\atmuni.sys
  • %WINDIR%\inf\irdaalif.inf
  • <SYSTEM32>\dllcache\atmepvc.sys
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
  • %WINDIR%\inf\irmk7w2k.inf
  • %WINDIR%\inf\irnsc.inf
  • <SYSTEM32>\dllcache\bridge.sys
  • %WINDIR%\inf\irdasmc.inf
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
  • <SYSTEM32>\dllcache\beep.sys
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
  • %WINDIR%\inf\ims.inf
  • <SYSTEM32>\dllcache\afd.sys
  • %WINDIR%\inf\input.inf
  • %WINDIR%\inf\image.inf
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\csc.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
  • <SYSTEM32>\dllcache\asyncmac.sys
  • %WINDIR%\inf\irbus.inf
  • <SYSTEM32>\dllcache\atmarpc.sys
  • <SYSTEM32>\dllcache\ansi.sys
  • %WINDIR%\inf\intl.inf
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
  • <SYSTEM32>\dllcache\fs_rec.sys
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe
  • %WINDIR%\inf\mdmcommu.inf
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
  • %WINDIR%\inf\mdmcodex.inf
  • <SYSTEM32>\dllcache\ndistapi.sys
  • %WINDIR%\inf\mdmcom1.inf
  • <SYSTEM32>\dllcache\ndiswan.sys
  • <SYSTEM32>\dllcache\ndproxy.sys
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  • <SYSTEM32>\dllcache\netbios.sys
  • %WINDIR%\inf\mdmcomp.inf
  • %WINDIR%\inf\mdmcpq.inf
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe
  • %WINDIR%\inf\mdmcm28.inf
  • %WINDIR%\inf\mdmbw561.INF
  • %WINDIR%\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
  • %WINDIR%\inf\mdmc26a.INF
  • %WINDIR%\inf\mdmbug3.inf
  • %WINDIR%\Microsoft.NET\Framework\v3.5\vbc.exe
  • <SYSTEM32>\dllcache\msfs.sys
  • <SYSTEM32>\dllcache\msgpc.sys
  • %WINDIR%\inf\mdmchipv.inf
  • %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
  • <SYSTEM32>\dllcache\ndis.sys
  • %WINDIR%\inf\mdmcdp.inf
  • %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
  • <SYSTEM32>\dllcache\mup.sys
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
  • <SYSTEM32>\dllcache\ntdos404.sys
  • <SYSTEM32>\dllcache\ntdos411.sys
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe
  • %WINDIR%\inf\mdmcxsft.inf
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe
  • %WINDIR%\inf\mdmdcm5.inf
  • <SYSTEM32>\dllcache\ntdos804.sys
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe
  • <SYSTEM32>\dllcache\ntdos412.sys
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe
  • %WINDIR%\inf\mdmdcm6.inf
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  • %WINDIR%\inf\mdmcpv.inf
  • <SYSTEM32>\dllcache\nmnt.sys
  • %WINDIR%\inf\mdmcpq2.inf
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
  • <SYSTEM32>\dllcache\netbt.sys
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
  • %WINDIR%\inf\mdmcxsf2.inf
  • <SYSTEM32>\dllcache\ntdos.sys
  • %WINDIR%\inf\mdmcrtix.inf
  • <SYSTEM32>\dllcache\npfs.sys
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
  • <SYSTEM32>\dllcache\ipsec.sys
  • %WINDIR%\inf\mdmaiwa5.inf
  • %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
  • <SYSTEM32>\dllcache\ipnat.sys
  • %WINDIR%\inf\mdmaiwa4.inf
  • %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
  • %WINDIR%\inf\mdmaiwat.inf
  • %WINDIR%\inf\mdmar1.inf
  • %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
  • <SYSTEM32>\dllcache\keyboard.sys
  • <SYSTEM32>\dllcache\irenum.sys
  • %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
  • <SYSTEM32>\dllcache\key01.sys
  • %WINDIR%\inf\mdmaiwa3.inf
  • <SYSTEM32>\dllcache\himem.sys
  • %WINDIR%\inf\mdmadc.inf
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\ngen.exe
  • %WINDIR%\inf\mdm656n5.inf
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
  • <SYSTEM32>\dllcache\ip6fw.sys
  • <SYSTEM32>\dllcache\ipfltdrv.sys
  • %WINDIR%\inf\mdmaiwa.inf
  • <SYSTEM32>\dllcache\ipinip.sys
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
  • %WINDIR%\inf\mdmairte.inf
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  • %WINDIR%\inf\mdmarch.inf
  • %WINDIR%\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
  • %WINDIR%\inf\mdmbcmsm.inf
  • <SYSTEM32>\dllcache\mountmgr.sys
  • %WINDIR%\inf\mdmaus.inf
  • <SYSTEM32>\dllcache\mnmdd.sys
  • %WINDIR%\Microsoft.NET\Framework\v3.5\csc.exe
  • %WINDIR%\inf\mdmboca.inf
  • %WINDIR%\Microsoft.NET\Framework\v3.5\MSBuild.exe
  • %WINDIR%\inf\mdmbtmdm.inf
  • <SYSTEM32>\dllcache\mrxdav.sys
  • %WINDIR%\Microsoft.NET\Framework\v3.5\EdmGen.exe
  • <SYSTEM32>\dllcache\mqac.sys
  • %WINDIR%\inf\mdmbsb.inf
  • %WINDIR%\Microsoft.NET\Framework\v3.5\AddInUtil.exe
  • %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
  • <SYSTEM32>\dllcache\mcd.sys
  • %WINDIR%\inf\mdmati.inf
  • %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
  • %WINDIR%\inf\mdmarn.inf
  • <SYSTEM32>\dllcache\ksecdd.sys
  • %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
  • %WINDIR%\inf\mdmatm2k.inf
  • %WINDIR%\inf\mdmatt.inf
  • %WINDIR%\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
  • %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
  • <SYSTEM32>\dllcache\mga.sys
  • %WINDIR%\Microsoft.NET\Framework\v3.5\AddInProcess.exe
  • %WINDIR%\Installer\$PatchCache$\Managed\62287FAB00234BD4EB33D429A2978904\3.0.6920\XPSViewer_X86.exe
  • <SYSTEM32>\format.com
  • <SYSTEM32>\graftabl.com
  • <SYSTEM32>\graphics.com
  • <SYSTEM32>\diskcopy.com
  • <SYSTEM32>\edit.com
  • %WINDIR%\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • <SYSTEM32>\more.com
  • <SYSTEM32>\tree.com
  • <SYSTEM32>\kb16.com
  • <SYSTEM32>\loadfix.com
  • <SYSTEM32>\mode.com
  • <SYSTEM32>\diskcomp.com
  • %WINDIR%\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
  • %WINDIR%\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • <SYSTEM32>\chcp.com
  • <SYSTEM32>\command.com
  • %WINDIR%\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini
  • <SYSTEM32>\win.com
  • %WINDIR%\inf\apcompat.inf
  • %WINDIR%\inf\appmig.inf
  • %WINDIR%\inf\apps.inf
  • %WINDIR%\inf\adm_port.inf
  • %WINDIR%\inf\agp.inf
  • %WINDIR%\inf\agtinst.inf
  • %WINDIR%\inf\asroc.inf
  • %WINDIR%\inf\atiixpag.inf
  • %WINDIR%\inf\atim128.inf
  • %WINDIR%\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\19b50dd470540911fc5cc65331a769e4\ComSvcConfig.ni.exe
  • %WINDIR%\inf\asynceqn.inf
  • %WINDIR%\inf\ati1xwdm.inf
  • %WINDIR%\inf\atiixpaa.inf
  • %WINDIR%\inf\adm_mult.inf
  • %WINDIR%\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini
  • %WINDIR%\Driver Cache\i386\msxpsdrv.inf
  • %WINDIR%\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\inf\1394.inf
  • %WINDIR%\inf\accessor.inf
  • %WINDIR%\inf\acerscan.inf
  • %WINDIR%\inf\acpi.inf
  • %WINDIR%\inf\1394vdbg.inf
  • %WINDIR%\inf\3dfxvs2k.inf
  • %WINDIR%\inf\61883.inf
  • %WINDIR%\sleep.exe
  • %WINDIR%\TASKMAN.EXE
  • %WINDIR%\vbaddin.ini
  • %WINDIR%\sfk.exe
  • %WINDIR%\system.ini
  • %WINDIR%\vb.ini
  • %WINDIR%\twunk_16.exe
  • %WINDIR%\winhlp32.exe
  • %WINDIR%\$NtUninstallKB942288-v3$\msiexec.exe
  • %WINDIR%\$NtUninstallKB942288-v3$\spuninst\spuninst.exe
  • %WINDIR%\twunk_32.exe
  • %WINDIR%\win.ini
  • %WINDIR%\winhelp.exe
  • %WINDIR%\regedit.exe
  • %WINDIR%\Fonts\GlobalSansSerif.CompositeFont
  • %WINDIR%\Fonts\GlobalSerif.CompositeFont
  • %WINDIR%\Fonts\GlobalUserInterface.CompositeFont
  • %WINDIR%\$NtUninstallKB942288-v3$\spuninst\spuninst.inf
  • %WINDIR%\$NtUninstallWIC$\spuninst\spuninst.inf
  • %WINDIR%\Fonts\GlobalMonospace.CompositeFont
  • %WINDIR%\control.ini
  • %WINDIR%\msdfmap.ini
  • %WINDIR%\NOTEPAD.EXE
  • %WINDIR%\ODBCINST.INI
  • %WINDIR%\desktop.ini
  • %WINDIR%\explorer.exe
  • %WINDIR%\hh.exe
  • %WINDIR%\$NtUninstallWIC$\spuninst\spuninst.exe
  • %WINDIR%\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\WPF\Fonts\GlobalMonospace.CompositeFont
  • %WINDIR%\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\Config\machine.config.comments
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\Config\web.config.comments
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\WPF\Fonts\GlobalSansSerif.CompositeFont
  • %WINDIR%\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\WPF\Fonts\GlobalSerif.CompositeFont
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\WPF\Fonts\GlobalUserInterface.CompositeFont
  • %WINDIR%\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config.comments
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config.comments
  • %WINDIR%\inf\atimpab.inf
  • %WINDIR%\inf\epstw2k.inf
  • %WINDIR%\inf\eqnport.inf
  • %WINDIR%\inf\fdc.inf
  • %WINDIR%\inf\epsnmfp.inf
  • %WINDIR%\assembly\NativeImages_v4.0.30319_32\dfsvc\b9b6069e6da06eb57e89cc544397f735\dfsvc.ni.exe
  • %WINDIR%\inf\epsnscan.inf
  • %WINDIR%\inf\fjtscan.inf
  • %WINDIR%\inf\font.inf
  • <SYSTEM32>\ansi.sys
  • %WINDIR%\inf\fp40ext.inf
  • %WINDIR%\inf\flash.inf
  • %WINDIR%\inf\flpydisk.inf
  • %WINDIR%\inf\fltmgr.inf
  • %WINDIR%\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\51819c709096229ee187a7feee395d9f\ComSvcConfig.ni.exe
  • %WINDIR%\inf\dot4prt.inf
  • %WINDIR%\inf\drm.inf
  • %WINDIR%\inf\drvindex.inf
  • %WINDIR%\inf\divac.inf
  • %WINDIR%\inf\divasrv.inf
  • %WINDIR%\inf\dot4.inf
  • %WINDIR%\inf\dshowext.inf
  • %WINDIR%\inf\dwup.inf
  • %WINDIR%\inf\enum1394.inf
  • %WINDIR%\inf\epcfw2k.inf
  • %WINDIR%\inf\dtcnt5.inf
  • %WINDIR%\inf\dvd.inf
  • %WINDIR%\assembly\NativeImages_v2.0.50727_32\WsatConfig\7d2a3adbdcb675f872eb2dbf21f73596\WsatConfig.ni.exe
  • <SYSTEM32>\country.sys
  • %WINDIR%\inf\games.inf
  • %WINDIR%\inf\unregmp2.exe
  • <SYSTEM32>\ntio404.sys
  • %WINDIR%\inf\g400.inf
  • %WINDIR%\inf\gameport.inf
  • <SYSTEM32>\ntio.sys
  • %WINDIR%\inf\genprint.inf
  • %WINDIR%\inf\hidbth.inf
  • <SYSTEM32>\ntio804.sys
  • %WINDIR%\Installer\$PatchCache$\Managed\62287FAB00234BD4EB33D429A2978904\3.0.6920\PresentationHost_X86.exe
  • <SYSTEM32>\ntio411.sys
  • %WINDIR%\inf\hal.inf
  • <SYSTEM32>\ntio412.sys
  • <SYSTEM32>\ntdos804.sys
  • %WINDIR%\inf\fsvgaadd.inf
  • <SYSTEM32>\keyboard.sys
  • %WINDIR%\inf\fsvgadel.inf
  • %WINDIR%\inf\fsvga.inf
  • <SYSTEM32>\himem.sys
  • <SYSTEM32>\key01.sys
  • %WINDIR%\Help\Tours\mmTour\tour.exe
  • <SYSTEM32>\ntdos411.sys
  • %WINDIR%\inf\g200.inf
  • <SYSTEM32>\ntdos412.sys
  • <SYSTEM32>\ntdos.sys
  • <SYSTEM32>\ntdos404.sys
  • %WINDIR%\inf\fxsocm.inf
  • %WINDIR%\inf\brmfcsto.inf
  • %WINDIR%\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\6781b87c8d3b55e6120b1e86bea6e040\ServiceModelReg.ni.exe
  • %WINDIR%\inf\brmfcumd.inf
  • %WINDIR%\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\9469981a17c01dd154c540127e678b35\PresentationFontCache.ni.exe
  • %WINDIR%\inf\brmfcmdm.inf
  • %WINDIR%\inf\brmfcmf.inf
  • %WINDIR%\inf\brmfcwia.inf
  • %WINDIR%\assembly\NativeImages_v2.0.50727_32\SMSvcHost\b9c1a29e684bc02e49226ff1e9eec253\SMSvcHost.ni.exe
  • %WINDIR%\inf\bthprint.inf
  • %WINDIR%\inf\bthspp.inf
  • %WINDIR%\inf\brmfport.inf
  • %WINDIR%\inf\bth.inf
  • %WINDIR%\inf\bthpan.inf
  • %WINDIR%\inf\branches.inf
  • %WINDIR%\inf\atixpwdm.inf
  • %WINDIR%\inf\au.inf
  • %WINDIR%\inf\avc.inf
  • %WINDIR%\assembly\NativeImages_v2.0.50727_32\dfsvc\a2865dcec9c5d3cc9c55f026cbad6fcc\dfsvc.ni.exe
  • %WINDIR%\inf\atirage3.inf
  • %WINDIR%\inf\atividin.inf
  • %WINDIR%\inf\avmisdn.inf
  • %WINDIR%\assembly\NativeImages_v2.0.50727_32\MSBuild\87c84ffaaad81d8d106a9aa9d68b5926\MSBuild.ni.exe
  • %WINDIR%\inf\bda.inf
  • %WINDIR%\inf\biosinfo.inf
  • %WINDIR%\inf\axant5.inf
  • %WINDIR%\inf\banshee.inf
  • %WINDIR%\inf\battery.inf
  • %WINDIR%\inf\camdsh20.inf
  • %WINDIR%\inf\dgaport.inf
  • %WINDIR%\inf\dgasync.inf
  • %WINDIR%\inf\digiasyn.inf
  • %WINDIR%\inf\defltwk.inf
  • %WINDIR%\inf\devxprop.inf
  • %WINDIR%\inf\dfrg.inf
  • %WINDIR%\inf\digiisdn.inf
  • %WINDIR%\inf\dimaps.inf
  • %WINDIR%\inf\disk.inf
  • %WINDIR%\inf\display.inf
  • %WINDIR%\inf\digimps.inf
  • %WINDIR%\inf\digirp.inf
  • %WINDIR%\inf\digirprt.inf
  • %WINDIR%\inf\cyzport.inf
  • %WINDIR%\inf\cdrom.inf
  • %WINDIR%\inf\certclas.inf
  • %WINDIR%\inf\communic.inf
  • %WINDIR%\inf\camvid20.inf
  • %WINDIR%\inf\camvid30.inf
  • %WINDIR%\inf\ccdecode.inf
  • %WINDIR%\inf\comnt5.inf
  • %WINDIR%\inf\cyclad-z.inf
  • %WINDIR%\inf\cyclom-y.inf
  • %WINDIR%\inf\cyyport.inf
  • %WINDIR%\inf\corelist.inf
  • %WINDIR%\inf\cpu.inf
  • %WINDIR%\inf\ctmaport.inf
  • <DRIVERS>\imapi.sys
  • %WINDIR%\inf\mdmsiil6.INF
  • <SYSTEM32>\diantz.exe
  • <DRIVERS>\http.sys
  • <SYSTEM32>\dfrgntfs.exe
  • <DRIVERS>\i8042prt.sys
  • <DRIVERS>\intelide.sys
  • <DRIVERS>\intelppm.sys
  • <SYSTEM32>\diskperf.exe
  • %WINDIR%\inf\mdmspq28.inf
  • %WINDIR%\inf\mdmsmart.inf
  • <SYSTEM32>\diskpart.exe
  • %WINDIR%\inf\mdmsonyu.inf
  • %WINDIR%\inf\mdmsii64.INF
  • <DRIVERS>\fltMgr.sys
  • %WINDIR%\inf\mdmsgsml.inf
  • <SYSTEM32>\debug.exe
  • <DRIVERS>\flpydisk.sys
  • <SYSTEM32>\ddeshare.exe
  • %WINDIR%\inf\mdmsetup.inf
  • %WINDIR%\inf\mdmsgsmu.inf
  • %WINDIR%\inf\mdmsier.inf
  • <SYSTEM32>\dfrgfat.exe
  • <DRIVERS>\ftdisk.sys
  • <SYSTEM32>\defrag.exe
  • <DRIVERS>\fsvga.sys
  • <DRIVERS>\fs_rec.sys
  • <DRIVERS>\ip6fw.sys
  • <SYSTEM32>\dosx.exe
  • <SYSTEM32>\dplaysvr.exe
  • <DRIVERS>\isapnp.sys
  • <SYSTEM32>\doskey.exe
  • %WINDIR%\inf\mdmtdkj2.inf
  • <DRIVERS>\irenum.sys
  • <SYSTEM32>\dpnsvr.exe
  • <SYSTEM32>\dpvsetup.exe
  • <DRIVERS>\ks.sys
  • %WINDIR%\inf\mdmtdkj5.inf
  • %WINDIR%\inf\mdmtdkj3.inf
  • <DRIVERS>\kbdclass.sys
  • %WINDIR%\inf\mdmtdkj4.inf
  • <DRIVERS>\ipsec.sys
  • %WINDIR%\inf\mdmsun2.inf
  • <SYSTEM32>\dllhst3g.exe
  • <DRIVERS>\ipinip.sys
  • <SYSTEM32>\dllhost.exe
  • %WINDIR%\inf\mdmsun1.inf
  • <DRIVERS>\ipfltdrv.sys
  • %WINDIR%\inf\mdmsupr3.inf
  • %WINDIR%\inf\mdmsupra.inf
  • %WINDIR%\inf\mdmsuprv.inf
  • %WINDIR%\inf\mdmtdk.inf
  • <SYSTEM32>\dmadmin.exe
  • <DRIVERS>\ipnat.sys
  • <SYSTEM32>\dmremote.exe
  • %WINDIR%\inf\mdmpn1.inf
  • <SYSTEM32>\clipbrd.exe
  • <DRIVERS>\diskdump.sys
  • <DRIVERS>\DbgPrnHk.sys
  • <SYSTEM32>\cliconfg.exe
  • <DRIVERS>\disk.sys
  • %WINDIR%\inf\mdmpp.inf
  • <SYSTEM32>\cmd.exe
  • <DRIVERS>\dmio.sys
  • <SYSTEM32>\cmdl32.exe
  • <DRIVERS>\dmboot.sys
  • <SYSTEM32>\clipsrv.exe
  • %WINDIR%\inf\mdmpsion.inf
  • <SYSTEM32>\cleanmgr.exe
  • %WINDIR%\inf\mdmpbit.inf
  • <SYSTEM32>\cipher.exe
  • <SYSTEM32>\cisvc.exe
  • %WINDIR%\inf\mdmpace.inf
  • <SYSTEM32>\cidaemon.exe
  • <DRIVERS>\compbatt.sys
  • %WINDIR%\inf\mdmpctel.inf
  • %WINDIR%\inf\mdmpenr.inf
  • <DRIVERS>\crusoe.sys
  • %WINDIR%\inf\mdmpin.inf
  • <DRIVERS>\cpqdap01.sys
  • %WINDIR%\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_353815cd\__AssemblyInfo__.ini
  • <SYSTEM32>\ckcnv.exe
  • <SYSTEM32>\cmmon32.exe
  • %WINDIR%\inf\mdmrock4.inf
  • <DRIVERS>\fdc.sys
  • %WINDIR%\inf\mdmrock5.inf
  • <SYSTEM32>\control.exe
  • <DRIVERS>\fastfat.sys
  • <SYSTEM32>\convert.exe
  • <DRIVERS>\filedisk.sys
  • <SYSTEM32>\ctfmon.exe
  • <SYSTEM32>\dcomcnfg.exe
  • %WINDIR%\inf\mdmrpciw.inf
  • %WINDIR%\inf\mdmrpci.inf
  • <SYSTEM32>\csrss.exe
  • <DRIVERS>\fips.sys
  • <DRIVERS>\eventmon.sys
  • <SYSTEM32>\comp.exe
  • %WINDIR%\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_f236c56a\__AssemblyInfo__.ini
  • <SYSTEM32>\compact.exe
  • %WINDIR%\inf\mdmracal.inf
  • <SYSTEM32>\cmstp.exe
  • <DRIVERS>\dmload.sys
  • <DRIVERS>\dxapi.sys
  • <SYSTEM32>\conime.exe
  • <DRIVERS>\dxgthk.sys
  • %WINDIR%\inf\mdmrock3.inf
  • %WINDIR%\inf\mdmrisa.inf
  • <DRIVERS>\dxg.sys
  • %WINDIR%\inf\mdmrock.inf
  • <SYSTEM32>\driverquery.exe
  • <DRIVERS>\nikedrv.sys
  • %WINDIR%\inf\mfcem28.inf
  • <DRIVERS>\nmnt.sys
  • <SYSTEM32>\fontview.exe
  • <DRIVERS>\nic1394.sys
  • <SYSTEM32>\forcedos.exe
  • %WINDIR%\inf\mfcem33.inf
  • <SYSTEM32>\fsquirt.exe
  • %WINDIR%\inf\mff56n5.inf
  • <DRIVERS>\ntfs.sys
  • %WINDIR%\inf\mfcem56.inf
  • <SYSTEM32>\freecell.exe
  • <DRIVERS>\npfs.sys
  • %WINDIR%\inf\mf.inf
  • %WINDIR%\inf\mdmzyxlg.inf
  • <DRIVERS>\ndproxy.sys
  • <DRIVERS>\netbios.sys
  • <SYSTEM32>\find.exe
  • %WINDIR%\inf\mdmzyxel.inf
  • <SYSTEM32>\findstr.exe
  • <SYSTEM32>\finger.exe
  • <SYSTEM32>\fixmapi.exe
  • <DRIVERS>\netbt.sys
  • <SYSTEM32>\fltMc.exe
  • %WINDIR%\inf\medctroc.inf
  • %WINDIR%\inf\memcard.inf
  • %WINDIR%\inf\memstpci.inf
  • %WINDIR%\inf\mflm.inf
  • <DRIVERS>\nwlnkspx.sys
  • <SYSTEM32>\gpupdate.exe
  • %WINDIR%\inf\minioc.inf
  • <SYSTEM32>\gpresult.exe
  • %WINDIR%\inf\mfx56nf.inf
  • %WINDIR%\inf\mgau.inf
  • <SYSTEM32>\grpconv.exe
  • <SYSTEM32>\help.exe
  • %WINDIR%\inf\modemcsa.inf
  • <DRIVERS>\p3.sys
  • %WINDIR%\inf\mmopt.inf
  • <DRIVERS>\nwrdr.sys
  • <DRIVERS>\oprghdlr.sys
  • <DRIVERS>\nwlnknb.sys
  • %WINDIR%\inf\mflm56.inf
  • <DRIVERS>\nwlnkflt.sys
  • <DRIVERS>\nwlnkfwd.sys
  • <DRIVERS>\null.sys
  • <SYSTEM32>\fsutil.exe
  • <SYSTEM32>\ftp.exe
  • <SYSTEM32>\gdi.exe
  • <SYSTEM32>\getmac.exe
  • <DRIVERS>\nwlnkipx.sys
  • %WINDIR%\inf\mfsupra.inf
  • %WINDIR%\inf\mfmhzn5.inf
  • %WINDIR%\inf\mfosi5.inf
  • %WINDIR%\inf\mfsocket.inf
  • <DRIVERS>\mountmgr.sys
  • <SYSTEM32>\dxdiag.exe
  • %WINDIR%\inf\mdmtron.inf
  • <SYSTEM32>\dvdupgrd.exe
  • <SYSTEM32>\dwwin.exe
  • %WINDIR%\inf\mdmtosh.inf
  • <SYSTEM32>\edlin.exe
  • <DRIVERS>\mrxdav.sys
  • %WINDIR%\inf\mdmusrg.inf
  • <SYSTEM32>\eudcedit.exe
  • %WINDIR%\inf\mdmusrf.inf
  • <DRIVERS>\mqac.sys
  • <SYSTEM32>\esentutl.exe
  • <DRIVERS>\mouclass.sys
  • <DRIVERS>\mcd.sys
  • <SYSTEM32>\drwtsn32.exe
  • %WINDIR%\inf\mdmtdkj7.inf
  • <DRIVERS>\ksecdd.sys
  • <SYSTEM32>\drwatson.exe
  • %WINDIR%\inf\mdmtdkj6.inf
  • <DRIVERS>\mf.sys
  • %WINDIR%\inf\mdmtexas.inf
  • <SYSTEM32>\dvdplay.exe
  • %WINDIR%\inf\mdmti.inf
  • <DRIVERS>\mnmdd.sys
  • <SYSTEM32>\dumprep.exe
  • <DRIVERS>\modem.sys
  • %WINDIR%\inf\mdmusrgl.inf
  • %WINDIR%\inf\mdmxircc.inf
  • <SYSTEM32>\extrac32.exe
  • <DRIVERS>\ndistapi.sys
  • <SYSTEM32>\expand.exe
  • %WINDIR%\inf\mdmx5560.inf
  • <DRIVERS>\ndis.sys
  • %WINDIR%\inf\mdmxirmp.inf
  • <SYSTEM32>\fc.exe
  • %WINDIR%\inf\mdmzyp.inf
  • <DRIVERS>\ndiswan.sys
  • <SYSTEM32>\fastopen.exe
  • <DRIVERS>\ndisuio.sys
  • %WINDIR%\inf\mdmzoom.inf
  • %WINDIR%\inf\mdmwhql0.inf
  • <DRIVERS>\msfs.sys
  • <SYSTEM32>\eventtriggers.exe
  • %WINDIR%\inf\mdmusrsp.inf
  • <DRIVERS>\mrxsmb.sys
  • %WINDIR%\inf\mdmusrk1.inf
  • <SYSTEM32>\eventcreate.exe
  • <DRIVERS>\msgpc.sys
  • %WINDIR%\inf\mdmvv.inf
  • <DRIVERS>\mup.sys
  • <SYSTEM32>\exe2bin.exe
  • <DRIVERS>\mssmbios.sys
  • %WINDIR%\inf\mdmvdot.inf
  • <SYSTEM32>\eventvwr.exe
  • <DRIVERS>\CmBatt.sys
  • %WINDIR%\inf\mdmgsm.inf
  • <SYSTEM32>\dllcache\rdbss.sys
  • %WINDIR%\inf\mdmhaeu.inf
  • %WINDIR%\inf\mdmgl009.inf
  • %WINDIR%\inf\mdmgl010.inf
  • <SYSTEM32>\dllcache\rawwan.sys
  • %WINDIR%\mui\muisetup.exe
  • <SYSTEM32>\dllcache\rdpwd.sys
  • %WINDIR%\inf\mdmhay2.inf
  • <SYSTEM32>\dllcache\rmcast.sys
  • <SYSTEM32>\dllcache\rdpcdd.sys
  • %WINDIR%\inf\mdmhamrw.inf
  • %WINDIR%\inf\mdmhandy.inf
  • <SYSTEM32>\dllcache\raspti.sys
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\SetupUtility.exe
  • <SYSTEM32>\dllcache\rasacd.sys
  • %WINDIR%\inf\mdmgl006.inf
  • %WINDIR%\inf\mdmgl004.inf
  • <SYSTEM32>\dllcache\ramdisk.sys
  • %WINDIR%\inf\mdmgl005.inf
  • <SYSTEM32>\dllcache\rasl2tp.sys
  • <SYSTEM32>\dllcache\raspptp.sys
  • %WINDIR%\msagent\agentsvr.exe
  • %WINDIR%\inf\mdmgl008.inf
  • <SYSTEM32>\dllcache\raspppoe.sys
  • %WINDIR%\inf\mdmgl007.inf
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
  • %WINDIR%\inf\mdmhayes.inf
  • <SYSTEM32>\dllcache\tcpip.sys
  • <SYSTEM32>\dllcache\tcpip6.sys
  • %WINDIR%\inf\MDMJF56E.INF
  • <SYSTEM32>\dllcache\tape.sys
  • %WINDIR%\pchealth\helpctr\binaries\notiflag.exe
  • %WINDIR%\inf\mdmisdn.inf
  • <SYSTEM32>\dllcache\tdasync.sys
  • %WINDIR%\inf\mdmlasat.inf
  • <SYSTEM32>\dllcache\tdipx.sys
  • %WINDIR%\inf\mdmlasno.inf
  • %WINDIR%\inf\mdmke.inf
  • %WINDIR%\inf\mdmkortx.inf
  • <SYSTEM32>\dllcache\tdi.sys
  • %WINDIR%\inf\mdmirmdm.inf
  • %WINDIR%\pchealth\helpctr\binaries\HelpHost.exe
  • %WINDIR%\inf\mdminfot.inf
  • <SYSTEM32>\dllcache\smclib.sys
  • <SYSTEM32>\dllcache\rndismp.sys
  • %WINDIR%\pchealth\helpctr\binaries\HelpCtr.exe
  • <SYSTEM32>\dllcache\rootmdm.sys
  • %WINDIR%\pchealth\helpctr\binaries\HelpSvc.exe
  • <SYSTEM32>\dllcache\srv.sys
  • %WINDIR%\pchealth\helpctr\binaries\msconfig.exe
  • %WINDIR%\inf\mdmiodat.inf
  • %WINDIR%\inf\mdmintel.inf
  • <SYSTEM32>\dllcache\sr.sys
  • %WINDIR%\pchealth\helpctr\binaries\HscUpd.exe
  • <SYSTEM32>\dllcache\ntio412.sys
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ngen.exe
  • %WINDIR%\inf\mdmeiger.inf
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  • %WINDIR%\inf\mdmdyna.inf
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  • <SYSTEM32>\dllcache\ntio804.sys
  • %WINDIR%\inf\mdmeric.inf
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  • <SYSTEM32>\dllcache\nwlnkflt.sys
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  • %WINDIR%\inf\mdmelsa.inf
  • <SYSTEM32>\dllcache\null.sys
  • %WINDIR%\inf\mdmdsi.inf
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
  • %WINDIR%\inf\mdmdgden.inf
  • <SYSTEM32>\dllcache\ntio.sys
  • <SYSTEM32>\dllcache\ntfs.sys
  • %WINDIR%\inf\mdmdf56F.inf
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ilasm.exe
  • %WINDIR%\inf\mdmdgitn.inf
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe
  • %WINDIR%\inf\mdmdp2.inf
  • <SYSTEM32>\dllcache\ntio411.sys
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\jsc.exe
  • <SYSTEM32>\dllcache\ntio404.sys
  • %WINDIR%\inf\mdmdigi.inf
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe
  • %WINDIR%\inf\mdmgen.inf
  • <SYSTEM32>\dllcache\parvdm.sys
  • %WINDIR%\inf\mdmgl001.inf
  • <SYSTEM32>\dllcache\nwrdr.sys
  • %WINDIR%\inf\mdmgcs.inf
  • <SYSTEM32>\dllcache\partmgr.sys
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
  • %WINDIR%\inf\mdmgl003.inf
  • <SYSTEM32>\dllcache\ptilink.sys
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUtility.exe
  • <SYSTEM32>\dllcache\psched.sys
  • %WINDIR%\inf\mdmgl002.inf
  • %WINDIR%\inf\mdmgatew.inf
  • %WINDIR%\inf\mdmess.inf
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
  • <SYSTEM32>\dllcache\nwlnkipx.sys
  • <SYSTEM32>\dllcache\nwlnkfwd.sys
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
  • %WINDIR%\inf\mdmeric2.inf
  • %WINDIR%\inf\mdmetech.inf
  • %WINDIR%\inf\mdmfj2.inf
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe
  • <SYSTEM32>\dllcache\nwlnkspx.sys
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\vbc.exe
  • <SYSTEM32>\dllcache\nwlnknb.sys
  • %WINDIR%\inf\mdmexp.inf
  • <SYSTEM32>\dllcache\tdpipe.sys
  • %WINDIR%\inf\mdmnova.inf
  • %WINDIR%\inf\mdmntstm.inf
  • <SYSTEM32>\autochk.exe
  • <SYSTEM32>\attrib.exe
  • <DRIVERS>\atmuni.sys
  • <SYSTEM32>\auditusr.exe
  • %WINDIR%\inf\mdmntt1.INF
  • %WINDIR%\inf\mdmnttd2.inf
  • <DRIVERS>\battc.sys
  • <SYSTEM32>\autofmt.exe
  • %WINDIR%\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_7cac80ba\__AssemblyInfo__.ini
  • <DRIVERS>\audstub.sys
  • <SYSTEM32>\autoconv.exe
  • %WINDIR%\inf\mdmnokia.inf
  • %WINDIR%\inf\Mdmnis3t.inf
  • <SYSTEM32>\at.exe
  • <DRIVERS>\asyncmac.sys
  • %WINDIR%\inf\Mdmnis2u.inf
  • <DRIVERS>\arp1394.sys
  • <SYSTEM32>\asr_pfu.exe
  • %WINDIR%\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_c34133cb\__AssemblyInfo__.ini
  • %WINDIR%\inf\Mdmnis5t.inf
  • <DRIVERS>\atmepvc.sys
  • <DRIVERS>\atmlane.sys
  • <DRIVERS>\atapi.sys
  • <DRIVERS>\atmarpc.sys
  • <SYSTEM32>\atmadm.exe
  • %WINDIR%\inf\mdmnttd6.inf
  • %WINDIR%\inf\mdmoptn.inf
  • <DRIVERS>\cdrom.sys
  • <SYSTEM32>\calc.exe
  • <SYSTEM32>\bootvrfy.exe
  • <DRIVERS>\cdfs.sys
  • <SYSTEM32>\cacls.exe
  • %WINDIR%\inf\mdmosi.inf
  • <DRIVERS>\classpnp.sys
  • <SYSTEM32>\chkdsk.exe
  • <SYSTEM32>\chkntfs.exe
  • <DRIVERS>\cinemst2.sys
  • <SYSTEM32>\charmap.exe
  • %WINDIR%\inf\mdmosice.inf
  • %WINDIR%\inf\mdmomrn3.inf
  • %WINDIR%\inf\mdmnttp.inf
  • <DRIVERS>\bridge.sys
  • <SYSTEM32>\blastcln.exe
  • %WINDIR%\inf\mdmnttme.INF
  • <DRIVERS>\beep.sys
  • <SYSTEM32>\autolfn.exe
  • %WINDIR%\inf\mdmnttp2.inf
  • <SYSTEM32>\bootok.exe
  • <DRIVERS>\cdaudio.sys
  • %WINDIR%\inf\mdmolic.inf
  • <DRIVERS>\cbidf2k.sys
  • <SYSTEM32>\bootcfg.exe
  • %WINDIR%\inf\mdmnttte.inf
  • <SYSTEM32>\dllcache\videoprt.sys
  • %WINDIR%\inf\mdmmega.inf
  • <SYSTEM32>\dllcache\volsnap.sys
  • %WINDIR%\inf\mdmmcom.inf
  • %WINDIR%\inf\mdmmct.inf
  • %WINDIR%\pchealth\UploadLB\Binaries\UploadM.exe
  • %WINDIR%\inf\mdmmetri.inf
  • <SYSTEM32>\dllcache\watchdog.sys
  • %WINDIR%\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_27b9fd4f\__AssemblyInfo__.ini
  • %WINDIR%\inf\mdmmhzel.inf
  • %WINDIR%\inf\mdmmhrtz.inf
  • <SYSTEM32>\dllcache\wanarp.sys
  • %WINDIR%\inf\mdmmhza.inf
  • <SYSTEM32>\dllcache\vga.sys
  • <SYSTEM32>\dllcache\tdspx.sys
  • %WINDIR%\inf\mdmltsft.inf
  • <SYSTEM32>\dllcache\tdtcp.sys
  • %WINDIR%\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_b50667e9\__AssemblyInfo__.ini
  • %WINDIR%\inf\mdmlt3.inf
  • %WINDIR%\inf\mdmltleo.inf
  • %WINDIR%\inf\mdmlucnt.inf
  • <SYSTEM32>\dllcache\usb8023.sys
  • %WINDIR%\inf\mdmmcd.inf
  • %WINDIR%\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5917eb5b\__AssemblyInfo__.ini
  • <SYSTEM32>\dllcache\udfs.sys
  • %WINDIR%\inf\mdmmc288.inf
  • <SYSTEM32>\dllcache\update.sys
  • <SYSTEM32>\dllcache\weitekp9.sys
  • %WINDIR%\inf\mdmmts.inf
  • <DRIVERS>\acpiec.sys
  • <DRIVERS>\afd.sys
  • <SYSTEM32>\append.exe
  • <DRIVERS>\acpi.sys
  • <SYSTEM32>\arp.exe
  • <SYSTEM32>\asr_fmt.exe
  • %WINDIR%\inf\Mdmnis1u.inf
  • <SYSTEM32>\asr_ldm.exe
  • <DRIVERS>\amdk7.sys
  • %WINDIR%\inf\mdmneuhs.inf
  • <DRIVERS>\AGP440.SYS
  • <DRIVERS>\amdk6.sys
  • %WINDIR%\inf\mdmmotou.inf
  • <SYSTEM32>\accwiz.exe
  • <SYSTEM32>\dllcache\wmilib.sys
  • %WINDIR%\inf\mdmmod.inf
  • %WINDIR%\inf\mdmmhzk1.inf
  • <SYSTEM32>\dllcache\win32k.sys
  • %WINDIR%\inf\mdmminij.inf
  • <SYSTEM32>\actmovie.exe
  • %WINDIR%\inf\mdmmoto1.inf
  • <SYSTEM32>\ahui.exe
  • <SYSTEM32>\alg.exe
  • %WINDIR%\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_cd264933\__AssemblyInfo__.ini
  • <SYSTEM32>\dllcache\ws2ifsl.sys
  • %WINDIR%\inf\mdmmoto.inf
Deletes itself.

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play