Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'NT4 hosting service' = '<SYSTEM32>\ntldr.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe <SYSTEM32>\ntldr.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\ngen.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\csc.exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\AddInUtil.exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\AddInProcess.exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\EdmGen.exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\vbc.exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\MSBuild.exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
- %WINDIR%\hh.exe
- %WINDIR%\inf\unregmp2.exe
- %WINDIR%\Help\Tours\mmTour\tour.exe
- %WINDIR%\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\51819c709096229ee187a7feee395d9f\ComSvcConfig.ni.exe
- %WINDIR%\assembly\NativeImages_v4.0.30319_32\dfsvc\b9b6069e6da06eb57e89cc544397f735\dfsvc.ni.exe
- %WINDIR%\Installer\$PatchCache$\Managed\62287FAB00234BD4EB33D429A2978904\3.0.6920\PresentationHost_X86.exe
- %WINDIR%\Microsoft.NET\Framework\NETFXSBS10.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
- %WINDIR%\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe
- %WINDIR%\Installer\$PatchCache$\Managed\62287FAB00234BD4EB33D429A2978904\3.0.6920\XPSViewer_X86.exe
- %WINDIR%\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe
- %WINDIR%\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
- %WINDIR%\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\19b50dd470540911fc5cc65331a769e4\ComSvcConfig.ni.exe
- %WINDIR%\$NtUninstallWIC$\spuninst\spuninst.exe
- %WINDIR%\$NtUninstallKB942288-v3$\msiexec.exe
- %WINDIR%\$NtUninstallKB942288-v3$\spuninst\spuninst.exe
- %WINDIR%\assembly\NativeImages_v2.0.50727_32\dfsvc\a2865dcec9c5d3cc9c55f026cbad6fcc\dfsvc.ni.exe
- %WINDIR%\assembly\NativeImages_v2.0.50727_32\SMSvcHost\b9c1a29e684bc02e49226ff1e9eec253\SMSvcHost.ni.exe
- %WINDIR%\assembly\NativeImages_v2.0.50727_32\WsatConfig\7d2a3adbdcb675f872eb2dbf21f73596\WsatConfig.ni.exe
- %WINDIR%\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\6781b87c8d3b55e6120b1e86bea6e040\ServiceModelReg.ni.exe
- %WINDIR%\assembly\NativeImages_v2.0.50727_32\MSBuild\87c84ffaaad81d8d106a9aa9d68b5926\MSBuild.ni.exe
- %WINDIR%\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\9469981a17c01dd154c540127e678b35\PresentationFontCache.ni.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\vbc.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\ngen.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\csc.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\jsc.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
- <SYSTEM32>\dllcache\migrate.exe with <SYSTEM32>\dllcache\migrate.exe.new
- <SYSTEM32>\dllcache\wabmig.exe with <SYSTEM32>\dllcache\wabmig.exe.new
- <SYSTEM32>\dllcache\setup_wm.exe with <SYSTEM32>\dllcache\setup_wm.exe.new
- <SYSTEM32>\dllcache\mplayer2.exe with <SYSTEM32>\dllcache\mplayer2.exe.new
- <SYSTEM32>\dllcache\wab.exe with <SYSTEM32>\dllcache\wab.exe.new
- <SYSTEM32>\dllcache\msimn.exe with <SYSTEM32>\dllcache\msimn.exe.new
- <SYSTEM32>\dllcache\wb32.exe with <SYSTEM32>\dllcache\wb32.exe.new
- <SYSTEM32>\dllcache\setup50.exe with <SYSTEM32>\dllcache\setup50.exe.new
- <SYSTEM32>\dllcache\oemig50.exe with <SYSTEM32>\dllcache\oemig50.exe.new
- <SYSTEM32>\dllcache\wmplayer.exe with <SYSTEM32>\dllcache\wmplayer.exe.new
- <SYSTEM32>\dllcache\tourW.exe with <SYSTEM32>\dllcache\tourW.exe.new
- %WINDIR%\inf\unregmp2.exe with %WINDIR%\inf\unregmp2.exe.new
- <SYSTEM32>\dllcache\unregmp2.exe with <SYSTEM32>\dllcache\unregmp2.exe.new
- <SYSTEM32>\dllcache\hh.exe with <SYSTEM32>\dllcache\hh.exe.new
- %WINDIR%\hh.exe with %WINDIR%\hh.exe.new
- <SYSTEM32>\dllcache\dialer.exe with <SYSTEM32>\dllcache\dialer.exe.new
- <SYSTEM32>\dllcache\wordpad.exe with <SYSTEM32>\dllcache\wordpad.exe.new
- %WINDIR%\Help\Tours\mmTour\tour.exe with %WINDIR%\Help\Tours\mmTour\tour.exe.new
- <SYSTEM32>\dllcache\pinball.exe with <SYSTEM32>\dllcache\pinball.exe.new
- <SYSTEM32>\dllcache\inetwiz.exe with <SYSTEM32>\dllcache\inetwiz.exe.new
- <SYSTEM32>\dllcache\icwtutor.exe with <SYSTEM32>\dllcache\icwtutor.exe.new
- <SYSTEM32>\dllcache\iedw.exe with <SYSTEM32>\dllcache\iedw.exe.new
- <SYSTEM32>\dllcache\isignup.exe with <SYSTEM32>\dllcache\isignup.exe.new
- <SYSTEM32>\dllcache\icwrmind.exe with <SYSTEM32>\dllcache\icwrmind.exe.new
- <SYSTEM32>\dllcache\sapisvr.exe with <SYSTEM32>\dllcache\sapisvr.exe.new
- <SYSTEM32>\dllcache\msinfo32.exe with <SYSTEM32>\dllcache\msinfo32.exe.new
- <SYSTEM32>\dllcache\icwconn2.exe with <SYSTEM32>\dllcache\icwconn2.exe.new
- <SYSTEM32>\dllcache\icwconn1.exe with <SYSTEM32>\dllcache\icwconn1.exe.new
- <SYSTEM32>\dllcache\iexplore.exe with <SYSTEM32>\dllcache\iexplore.exe.new
- <SYSTEM32>\dllcache\zclientm.exe with <SYSTEM32>\dllcache\zclientm.exe.new
- <SYSTEM32>\dllcache\shvlzm.exe with <SYSTEM32>\dllcache\shvlzm.exe.new
- <SYSTEM32>\dllcache\conf.exe with <SYSTEM32>\dllcache\conf.exe.new
- <SYSTEM32>\dllcache\cb32.exe with <SYSTEM32>\dllcache\cb32.exe.new
- <SYSTEM32>\dllcache\rvsezm.exe with <SYSTEM32>\dllcache\rvsezm.exe.new
- <SYSTEM32>\dllcache\bckgzm.exe with <SYSTEM32>\dllcache\bckgzm.exe.new
- <SYSTEM32>\dllcache\moviemk.exe with <SYSTEM32>\dllcache\moviemk.exe.new
- <SYSTEM32>\dllcache\hrtzzm.exe with <SYSTEM32>\dllcache\hrtzzm.exe.new
- <SYSTEM32>\dllcache\chkrzm.exe with <SYSTEM32>\dllcache\chkrzm.exe.new
- <Drive name for removable media>:\AutoRun.inf
- <Drive name for removable media>:\WinNT.com
- User Account Control (UAC)
- Windows Security Center
- '<SYSTEM32>\ntldr.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe:Flinched
- %TEMP%\RCXC1.tmp
- %TEMP%\RCXC2.tmp
- %TEMP%\_+_qaoyp.tmp
- %TEMP%\RCXC0.tmp
- %TEMP%\RCXBF.tmp
- %TEMP%\RCXBE.tmp
- %TEMP%\_+_coqcd.tmp
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe:Flinched
- %TEMP%\_+_vljos.tmp
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe:Flinched
- %TEMP%\RCXC7.tmp
- %TEMP%\RCXC6.tmp
- %TEMP%\RCXC5.tmp
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe:Flinched
- %TEMP%\RCXC3.tmp
- %TEMP%\RCXC4.tmp
- %TEMP%\_+_uqxly.tmp
- %TEMP%\RCXB8.tmp
- %TEMP%\_+_dmusb.tmp
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\vbc.exe:Flinched
- %TEMP%\RCXB9.tmp
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe:Flinched
- %TEMP%\_+_ymzof.tmp
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe:Flinched
- %TEMP%\RCXB7.tmp
- %TEMP%\RCXB6.tmp
- %TEMP%\RCXBD.tmp
- %TEMP%\RCXBC.tmp
- %TEMP%\_+_wnlwe.tmp
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe:Flinched
- %TEMP%\_+_oczvu.tmp
- %TEMP%\RCXBA.tmp
- %TEMP%\_+_zhkkf.tmp
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe:Flinched
- %TEMP%\RCXBB.tmp
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\ilasm.exe:Flinched
- %TEMP%\RCXD3.tmp
- %TEMP%\RCXD4.tmp
- %TEMP%\_+_olfed.tmp
- %TEMP%\RCXD2.tmp
- %TEMP%\RCXD1.tmp
- %TEMP%\RCXD0.tmp
- %TEMP%\_+_cnypi.tmp
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\IEExec.exe:Flinched
- %TEMP%\_+_fvdvi.tmp
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\jsc.exe:Flinched
- %TEMP%\RCXD9.tmp
- %TEMP%\RCXD8.tmp
- %TEMP%\RCXD7.tmp
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe:Flinched
- %TEMP%\RCXD5.tmp
- %TEMP%\RCXD6.tmp
- %TEMP%\_+_tvxov.tmp
- %TEMP%\RCXCA.tmp
- %TEMP%\_+_duikg.tmp
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe:Flinched
- %TEMP%\RCXCB.tmp
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CasPol.exe:Flinched
- %TEMP%\_+_mbvhx.tmp
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe:Flinched
- %TEMP%\RCXC9.tmp
- %TEMP%\RCXC8.tmp
- %TEMP%\RCXCF.tmp
- %TEMP%\RCXCE.tmp
- %TEMP%\_+_ewkle.tmp
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe:Flinched
- %TEMP%\_+_dfxva.tmp
- %TEMP%\RCXCC.tmp
- %TEMP%\_+_oxpmw.tmp
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe:Flinched
- %TEMP%\RCXCD.tmp
- %TEMP%\RCXB5.tmp
- %TEMP%\RCX9D.tmp
- %TEMP%\RCX9C.tmp
- %TEMP%\_+_fgmst.tmp
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe:Flinched
- %TEMP%\_+_gejqp.tmp
- %TEMP%\RCX9A.tmp
- %TEMP%\_+_btjme.tmp
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe:Flinched
- %TEMP%\RCX9B.tmp
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe:Flinched
- %TEMP%\RCXA1.tmp
- %TEMP%\RCXA2.tmp
- %TEMP%\_+_lvzkt.tmp
- %TEMP%\RCXA0.tmp
- %TEMP%\RCX9F.tmp
- %TEMP%\RCX9E.tmp
- %TEMP%\_+_xeknc.tmp
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CasPol.exe:Flinched
- %TEMP%\_+_bqgfd.tmp
- %WINDIR%\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe:Flinched
- %TEMP%\RCX95.tmp
- %TEMP%\RCX94.tmp
- %TEMP%\RCX93.tmp
- %WINDIR%\Installer\$PatchCache$\Managed\62287FAB00234BD4EB33D429A2978904\3.0.6920\XPSViewer_X86.exe:Flinched
- %TEMP%\RCX91.tmp
- %TEMP%\RCX92.tmp
- %TEMP%\_+_udhmm.tmp
- %TEMP%\RCX98.tmp
- %TEMP%\_+_mmaiu.tmp
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe:Flinched
- %TEMP%\RCX99.tmp
- %WINDIR%\Microsoft.NET\Framework\NETFXSBS10.exe:Flinched
- %TEMP%\_+_npcol.tmp
- %WINDIR%\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe:Flinched
- %TEMP%\RCX97.tmp
- %TEMP%\RCX96.tmp
- %TEMP%\RCXAF.tmp
- %TEMP%\RCXAE.tmp
- %TEMP%\_+_ckqlf.tmp
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\MigPol.exe:Flinched
- %TEMP%\_+_witqt.tmp
- %TEMP%\RCXAC.tmp
- %TEMP%\_+_njatf.tmp
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\jsc.exe:Flinched
- %TEMP%\RCXAD.tmp
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\ngen.exe:Flinched
- %TEMP%\RCXB3.tmp
- %TEMP%\RCXB4.tmp
- %TEMP%\_+_ldqjj.tmp
- %TEMP%\RCXB2.tmp
- %TEMP%\RCXB1.tmp
- %TEMP%\RCXB0.tmp
- %TEMP%\_+_wbszq.tmp
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe:Flinched
- %TEMP%\_+_nggvd.tmp
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\cvtres.exe:Flinched
- %TEMP%\RCXA7.tmp
- %TEMP%\RCXA6.tmp
- %TEMP%\RCXA5.tmp
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\csc.exe:Flinched
- %TEMP%\RCXA3.tmp
- %TEMP%\RCXA4.tmp
- %TEMP%\_+_rsuox.tmp
- %TEMP%\RCXAA.tmp
- %TEMP%\_+_ctsau.tmp
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe:Flinched
- %TEMP%\RCXAB.tmp
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\ilasm.exe:Flinched
- %TEMP%\_+_ahepr.tmp
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\IEExec.exe:Flinched
- %TEMP%\RCXA9.tmp
- %TEMP%\RCXA8.tmp
- %TEMP%\_+_jeanj.tmp
- %WINDIR%\Microsoft.NET\Framework\v3.5\vbc.exe:Flinched
- %TEMP%\RCX10B.tmp
- %TEMP%\RCX10A.tmp
- %TEMP%\RCX109.tmp
- %WINDIR%\Microsoft.NET\Framework\v3.5\MSBuild.exe:Flinched
- %TEMP%\RCX107.tmp
- %TEMP%\RCX108.tmp
- %TEMP%\_+_niyty.tmp
- %TEMP%\RCX10E.tmp
- %TEMP%\_+_iqadr.tmp
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe:Flinched
- %TEMP%\RCX10F.tmp
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe:Flinched
- %TEMP%\_+_wjtfm.tmp
- %WINDIR%\Microsoft.NET\Framework\v3.5\WFServicesReg.exe:Flinched
- %TEMP%\RCX10D.tmp
- %TEMP%\RCX10C.tmp
- %TEMP%\RCX101.tmp
- %TEMP%\RCX100.tmp
- %TEMP%\_+_jynns.tmp
- %WINDIR%\Microsoft.NET\Framework\v3.5\EdmGen.exe:Flinched
- %TEMP%\_+_puake.tmp
- %TEMP%\RCXFE.tmp
- %TEMP%\_+_htowc.tmp
- %WINDIR%\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe:Flinched
- %TEMP%\RCXFF.tmp
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe:Flinched
- %TEMP%\RCX105.tmp
- %TEMP%\RCX106.tmp
- %TEMP%\_+_xuzxp.tmp
- %TEMP%\RCX104.tmp
- %TEMP%\RCX103.tmp
- %TEMP%\RCX102.tmp
- %TEMP%\_+_gmthc.tmp
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe:Flinched
- %TEMP%\_+_koahw.tmp
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe:Flinched
- %TEMP%\RCX11D.tmp
- %TEMP%\RCX11C.tmp
- %TEMP%\RCX11B.tmp
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe:Flinched
- %TEMP%\RCX119.tmp
- %TEMP%\RCX11A.tmp
- %TEMP%\_+_kgtxz.tmp
- %TEMP%\RCX120.tmp
- %TEMP%\_+_pekah.tmp
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\CasPol.exe:Flinched
- %TEMP%\RCX121.tmp
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe:Flinched
- %TEMP%\_+_guyuv.tmp
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe:Flinched
- %TEMP%\RCX11F.tmp
- %TEMP%\RCX11E.tmp
- %TEMP%\RCX113.tmp
- %TEMP%\RCX112.tmp
- %TEMP%\_+_qywjj.tmp
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe:Flinched
- %TEMP%\_+_slcyv.tmp
- %TEMP%\RCX110.tmp
- %TEMP%\_+_fvcfg.tmp
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe:Flinched
- %TEMP%\RCX111.tmp
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe:Flinched
- %TEMP%\RCX117.tmp
- %TEMP%\RCX118.tmp
- %TEMP%\_+_grflk.tmp
- %TEMP%\RCX116.tmp
- %TEMP%\RCX115.tmp
- %TEMP%\RCX114.tmp
- %TEMP%\_+_acmbh.tmp
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe:Flinched
- %WINDIR%\Microsoft.NET\Framework\v3.5\csc.exe:Flinched
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe:Flinched
- %TEMP%\RCXE5.tmp
- %TEMP%\RCXE6.tmp
- %TEMP%\_+_fnwof.tmp
- %TEMP%\RCXE4.tmp
- %TEMP%\RCXE3.tmp
- %TEMP%\RCXE2.tmp
- %TEMP%\_+_hftby.tmp
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe:Flinched
- %TEMP%\_+_nplic.tmp
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe:Flinched
- %TEMP%\RCXEB.tmp
- %TEMP%\RCXEA.tmp
- %TEMP%\RCXE9.tmp
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe:Flinched
- %TEMP%\RCXE7.tmp
- %TEMP%\RCXE8.tmp
- %TEMP%\_+_gfpen.tmp
- %TEMP%\RCXDC.tmp
- %TEMP%\_+_noxfv.tmp
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\ngen.exe:Flinched
- %TEMP%\RCXDD.tmp
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe:Flinched
- %TEMP%\_+_hqoqe.tmp
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe:Flinched
- %TEMP%\RCXDB.tmp
- %TEMP%\RCXDA.tmp
- %TEMP%\RCXE1.tmp
- %TEMP%\RCXE0.tmp
- %TEMP%\_+_bpzem.tmp
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe:Flinched
- %TEMP%\_+_zskwp.tmp
- %TEMP%\RCXDE.tmp
- %TEMP%\_+_lfslj.tmp
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe:Flinched
- %TEMP%\RCXDF.tmp
- %WINDIR%\Microsoft.NET\Framework\v3.5\AddInProcess.exe:Flinched
- %TEMP%\RCXF7.tmp
- %TEMP%\RCXF8.tmp
- %TEMP%\_+_btpzg.tmp
- %TEMP%\RCXF6.tmp
- %TEMP%\RCXF5.tmp
- %TEMP%\RCXF4.tmp
- %TEMP%\_+_cqwei.tmp
- %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe:Flinched
- %TEMP%\_+_yvaoc.tmp
- %WINDIR%\Microsoft.NET\Framework\v3.5\AddInUtil.exe:Flinched
- %TEMP%\RCXFD.tmp
- %TEMP%\RCXFC.tmp
- %TEMP%\RCXFB.tmp
- %WINDIR%\Microsoft.NET\Framework\v3.5\AddInProcess32.exe:Flinched
- %TEMP%\RCXF9.tmp
- %TEMP%\RCXFA.tmp
- %TEMP%\_+_hocmr.tmp
- %TEMP%\RCXEE.tmp
- %TEMP%\_+_bydtu.tmp
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe:Flinched
- %TEMP%\RCXEF.tmp
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe:Flinched
- %TEMP%\_+_plhyj.tmp
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe:Flinched
- %TEMP%\RCXED.tmp
- %TEMP%\RCXEC.tmp
- %TEMP%\RCXF3.tmp
- %TEMP%\RCXF2.tmp
- %TEMP%\_+_jyzau.tmp
- %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe:Flinched
- %TEMP%\_+_qikuw.tmp
- %TEMP%\RCXF0.tmp
- %TEMP%\_+_vbgho.tmp
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe:Flinched
- %TEMP%\RCXF1.tmp
- %TEMP%\RCX90.tmp
- %TEMP%\RCX30.tmp
- %TEMP%\_+_kxdru.tmp
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\isignup.exe:Flinched
- %TEMP%\RCX31.tmp
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\inetwiz.exe:Flinched
- %TEMP%\_+_uigyw.tmp
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwtutor.exe:Flinched
- %TEMP%\RCX2F.tmp
- %TEMP%\RCX2E.tmp
- %TEMP%\RCX35.tmp
- %TEMP%\RCX34.tmp
- %TEMP%\_+_ohxxy.tmp
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE:Flinched
- %TEMP%\_+_ydgoj.tmp
- %TEMP%\RCX32.tmp
- %TEMP%\_+_lgqri.tmp
- %PROGRAM_FILES%\Internet Explorer\iedw.exe:Flinched
- %TEMP%\RCX33.tmp
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwconn1.exe:Flinched
- %TEMP%\RCX27.tmp
- %TEMP%\RCX28.tmp
- %TEMP%\_+_oeptt.tmp
- %TEMP%\RCX26.tmp
- %TEMP%\RCX25.tmp
- %TEMP%\RCX24.tmp
- %TEMP%\_+_oujjr.tmp
- %PROGRAM_FILES%\FireFox\xpt_link.exe:Flinched
- %TEMP%\_+_qtbkl.tmp
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwrmind.exe:Flinched
- %TEMP%\RCX2D.tmp
- %TEMP%\RCX2C.tmp
- %TEMP%\RCX2B.tmp
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\icwconn2.exe:Flinched
- %TEMP%\RCX29.tmp
- %TEMP%\RCX2A.tmp
- %TEMP%\_+_buwvf.tmp
- %TEMP%\RCX42.tmp
- %TEMP%\_+_rxydg.tmp
- %PROGRAM_FILES%\MSN Gaming Zone\Windows\chkrzm.exe:Flinched
- %TEMP%\RCX43.tmp
- %PROGRAM_FILES%\MSN Gaming Zone\Windows\bckgzm.exe:Flinched
- %TEMP%\_+_ouoic.tmp
- %PROGRAM_FILES%\MSN\MSNCoreFiles\Install\msnsusii.exe:Flinched
- %TEMP%\RCX41.tmp
- %TEMP%\RCX40.tmp
- %TEMP%\RCX47.tmp
- %TEMP%\RCX46.tmp
- %TEMP%\_+_hvohf.tmp
- %PROGRAM_FILES%\MSN Gaming Zone\Windows\Rvsezm.exe:Flinched
- %TEMP%\_+_entxj.tmp
- %TEMP%\RCX44.tmp
- %TEMP%\_+_tvnyz.tmp
- %PROGRAM_FILES%\MSN Gaming Zone\Windows\hrtzzm.exe:Flinched
- %TEMP%\RCX45.tmp
- %PROGRAM_FILES%\Movie Maker\moviemk.exe:Flinched
- %TEMP%\RCX39.tmp
- %TEMP%\RCX3A.tmp
- %TEMP%\_+_iksaq.tmp
- %TEMP%\RCX38.tmp
- %TEMP%\RCX37.tmp
- %TEMP%\RCX36.tmp
- %TEMP%\_+_wobtf.tmp
- %PROGRAM_FILES%\Messenger\msmsgs.exe:Flinched
- %TEMP%\_+_mlhuj.tmp
- %PROGRAM_FILES%\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe:Flinched
- %TEMP%\RCX3F.tmp
- %TEMP%\RCX3E.tmp
- %TEMP%\RCX3D.tmp
- %PROGRAM_FILES%\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe:Flinched
- %TEMP%\RCX3B.tmp
- %TEMP%\RCX3C.tmp
- %TEMP%\_+_ykwyw.tmp
- %TEMP%\_+_ncexb.tmp
- %TEMP%\_+_aqpno.tmp
- %CommonProgramFiles%\Microsoft Shared\Speech\sapisvr.exe:Flinched
- %TEMP%\RCXD.tmp
- %TEMP%\RCXC.tmp
- %TEMP%\RCXB.tmp
- %CommonProgramFiles%\Microsoft Shared\MSInfo\msinfo32.exe:Flinched
- %TEMP%\RCX9.tmp
- %TEMP%\RCXA.tmp
- %TEMP%\_+_huyon.tmp
- %TEMP%\RCX10.tmp
- %TEMP%\_+_ejxro.tmp
- %PROGRAM_FILES%\FireFox\js.exe:Flinched
- %TEMP%\RCX11.tmp
- %PROGRAM_FILES%\FireFox\firefox.exe:Flinched
- %TEMP%\_+_urzhd.tmp
- %PROGRAM_FILES%\FireFox\crashreporter.exe:Flinched
- %TEMP%\RCXF.tmp
- %TEMP%\RCXE.tmp
- %TEMP%\RCX3.tmp
- %TEMP%\RCX2.tmp
- %TEMP%\_+_jwpuz.tmp
- C:\Far2\Far.exe:Flinched
- %TEMP%\_+_pctge.tmp
- <SYSTEM32>\RCX1.tmp
- <SYSTEM32>\ntldr.exe
- C:\AutoRun.inf
- C:\WinNT.com
- %CommonProgramFiles%\Microsoft Shared\DW\DWTRIG20.EXE:Flinched
- %TEMP%\RCX7.tmp
- %TEMP%\RCX8.tmp
- %TEMP%\_+_ovnuh.tmp
- %TEMP%\RCX6.tmp
- %TEMP%\RCX5.tmp
- %TEMP%\RCX4.tmp
- %TEMP%\_+_eyovk.tmp
- %CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE:Flinched
- %TEMP%\_+_bufvd.tmp
- %PROGRAM_FILES%\FireFox\updater.exe:Flinched
- %TEMP%\RCX1F.tmp
- %TEMP%\RCX1E.tmp
- %TEMP%\RCX1D.tmp
- %PROGRAM_FILES%\FireFox\uninstall\helper.exe:Flinched
- %TEMP%\RCX1B.tmp
- %TEMP%\RCX1C.tmp
- %TEMP%\_+_awgne.tmp
- %TEMP%\RCX22.tmp
- %TEMP%\_+_ziefe.tmp
- %PROGRAM_FILES%\FireFox\xpt_dump.exe:Flinched
- %TEMP%\RCX23.tmp
- %PROGRAM_FILES%\FireFox\xpidl.exe:Flinched
- %TEMP%\_+_shhxw.tmp
- %PROGRAM_FILES%\FireFox\xpcshell.exe:Flinched
- %TEMP%\RCX21.tmp
- %TEMP%\RCX20.tmp
- %TEMP%\RCX15.tmp
- %TEMP%\RCX14.tmp
- %TEMP%\_+_pfhbj.tmp
- %PROGRAM_FILES%\FireFox\nsinstall.exe:Flinched
- %TEMP%\_+_zixoh.tmp
- %TEMP%\RCX12.tmp
- %TEMP%\_+_ygnvl.tmp
- %PROGRAM_FILES%\FireFox\mangle.exe:Flinched
- %TEMP%\RCX13.tmp
- %PROGRAM_FILES%\FireFox\shlibsign.exe:Flinched
- %TEMP%\RCX19.tmp
- %TEMP%\RCX1A.tmp
- %TEMP%\_+_zxwrp.tmp
- %TEMP%\RCX18.tmp
- %TEMP%\RCX17.tmp
- %TEMP%\RCX16.tmp
- %TEMP%\_+_lmqjv.tmp
- %PROGRAM_FILES%\FireFox\plugin-container.exe:Flinched
- %TEMP%\RCX79.tmp
- %TEMP%\RCX78.tmp
- %TEMP%\_+_osftw.tmp
- %WINDIR%\assembly\NativeImages_v2.0.50727_32\dfsvc\a2865dcec9c5d3cc9c55f026cbad6fcc\dfsvc.ni.exe:Flinched
- %TEMP%\_+_fffzs.tmp
- %TEMP%\RCX76.tmp
- %TEMP%\_+_klpgu.tmp
- %WINDIR%\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\19b50dd470540911fc5cc65331a769e4\ComSvcConfig.ni.exe:Flinched
- %TEMP%\RCX77.tmp
- %WINDIR%\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\9469981a17c01dd154c540127e678b35\PresentationFontCache.ni.exe:Flinched
- %TEMP%\RCX7D.tmp
- %TEMP%\RCX7E.tmp
- %TEMP%\_+_krvzc.tmp
- %TEMP%\RCX7C.tmp
- %TEMP%\RCX7B.tmp
- %TEMP%\RCX7A.tmp
- %TEMP%\_+_obxmo.tmp
- %WINDIR%\assembly\NativeImages_v2.0.50727_32\MSBuild\87c84ffaaad81d8d106a9aa9d68b5926\MSBuild.ni.exe:Flinched
- %TEMP%\_+_kuomq.tmp
- %WINDIR%\$NtUninstallKB942288-v3$\msiexec.exe:Flinched
- %TEMP%\RCX71.tmp
- %TEMP%\RCX70.tmp
- %TEMP%\RCX6F.tmp
- <Auxiliary element>
- %TEMP%\RCX6D.tmp
- %TEMP%\RCX6E.tmp
- %TEMP%\_+_sawyi.tmp
- %TEMP%\RCX74.tmp
- %TEMP%\_+_rnfgd.tmp
- %WINDIR%\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe:Flinched
- %TEMP%\RCX75.tmp
- %WINDIR%\$NtUninstallWIC$\spuninst\spuninst.exe:Flinched
- %TEMP%\_+_ffqdj.tmp
- %WINDIR%\$NtUninstallKB942288-v3$\spuninst\spuninst.exe:Flinched
- %TEMP%\RCX73.tmp
- %TEMP%\RCX72.tmp
- %TEMP%\RCX8A.tmp
- %TEMP%\_+_jkxvq.tmp
- %WINDIR%\hh.exe:Flinched
- %TEMP%\RCX8B.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- %TEMP%\RCX88.tmp
- %TEMP%\_+_invjl.tmp
- %WINDIR%\Help\Tours\mmTour\tour.exe:Flinched
- %TEMP%\RCX89.tmp
- %TEMP%\RCX8F.tmp
- %TEMP%\RCX8E.tmp
- %TEMP%\_+_dtybz.tmp
- %WINDIR%\Installer\$PatchCache$\Managed\62287FAB00234BD4EB33D429A2978904\3.0.6920\PresentationHost_X86.exe:Flinched
- %TEMP%\_+_oakfe.tmp
- %TEMP%\RCX8C.tmp
- %TEMP%\_+_nyrgq.tmp
- %WINDIR%\inf\unregmp2.exe:Flinched
- %TEMP%\RCX8D.tmp
- %TEMP%\_+_aohwo.tmp
- %WINDIR%\assembly\NativeImages_v2.0.50727_32\SMSvcHost\b9c1a29e684bc02e49226ff1e9eec253\SMSvcHost.ni.exe:Flinched
- %TEMP%\RCX83.tmp
- %TEMP%\RCX82.tmp
- %TEMP%\RCX81.tmp
- %WINDIR%\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\6781b87c8d3b55e6120b1e86bea6e040\ServiceModelReg.ni.exe:Flinched
- %TEMP%\RCX7F.tmp
- %TEMP%\RCX80.tmp
- %TEMP%\_+_vbbrh.tmp
- %TEMP%\RCX86.tmp
- %TEMP%\_+_shsao.tmp
- %WINDIR%\assembly\NativeImages_v4.0.30319_32\dfsvc\b9b6069e6da06eb57e89cc544397f735\dfsvc.ni.exe:Flinched
- %TEMP%\RCX87.tmp
- %WINDIR%\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\51819c709096229ee187a7feee395d9f\ComSvcConfig.ni.exe:Flinched
- %TEMP%\_+_aasig.tmp
- %WINDIR%\assembly\NativeImages_v2.0.50727_32\WsatConfig\7d2a3adbdcb675f872eb2dbf21f73596\WsatConfig.ni.exe:Flinched
- %TEMP%\RCX85.tmp
- %TEMP%\RCX84.tmp
- %TEMP%\RCX6C.tmp
- %TEMP%\RCX54.tmp
- %TEMP%\_+_yftlj.tmp
- %PROGRAM_FILES%\Outlook Express\oemig50.exe:Flinched
- %TEMP%\RCX55.tmp
- %PROGRAM_FILES%\Outlook Express\msimn.exe:Flinched
- %TEMP%\_+_pbokj.tmp
- %PROGRAM_FILES%\NetMeeting\wb32.exe:Flinched
- %TEMP%\RCX53.tmp
- %TEMP%\RCX52.tmp
- %TEMP%\RCX59.tmp
- %TEMP%\RCX58.tmp
- %TEMP%\_+_gaqxm.tmp
- %PROGRAM_FILES%\Outlook Express\wab.exe:Flinched
- %TEMP%\_+_gkltk.tmp
- %TEMP%\RCX56.tmp
- %TEMP%\_+_bzsds.tmp
- %PROGRAM_FILES%\Outlook Express\setup50.exe:Flinched
- %TEMP%\RCX57.tmp
- %PROGRAM_FILES%\MSN Gaming Zone\Windows\zClientm.exe:Flinched
- %TEMP%\RCX4B.tmp
- %TEMP%\RCX4C.tmp
- %TEMP%\_+_tnsmz.tmp
- %TEMP%\RCX4A.tmp
- %TEMP%\RCX49.tmp
- %TEMP%\RCX48.tmp
- %TEMP%\_+_dymkr.tmp
- %PROGRAM_FILES%\MSN Gaming Zone\Windows\shvlzm.exe:Flinched
- %TEMP%\_+_chlne.tmp
- %PROGRAM_FILES%\NetMeeting\conf.exe:Flinched
- %TEMP%\RCX51.tmp
- %TEMP%\RCX50.tmp
- %TEMP%\RCX4F.tmp
- %PROGRAM_FILES%\NetMeeting\cb32.exe:Flinched
- %TEMP%\RCX4D.tmp
- %TEMP%\RCX4E.tmp
- %TEMP%\_+_liksk.tmp
- %TEMP%\RCX66.tmp
- %TEMP%\_+_netxn.tmp
- %PROGRAM_FILES%\Windows NT\dialer.exe:Flinched
- %TEMP%\RCX67.tmp
- %PROGRAM_FILES%\Windows NT\Accessories\wordpad.exe:Flinched
- %TEMP%\_+_nkstq.tmp
- %PROGRAM_FILES%\Windows Media Player\wmplayer.exe:Flinched
- %TEMP%\RCX65.tmp
- %TEMP%\RCX64.tmp
- %TEMP%\RCX6B.tmp
- %TEMP%\RCX6A.tmp
- %TEMP%\_+_ycoln.tmp
- %PROGRAM_FILES%\Windows NT\Pinball\PINBALL.EXE:Flinched
- %TEMP%\_+_hfztm.tmp
- %TEMP%\RCX68.tmp
- %TEMP%\_+_oqqze.tmp
- %PROGRAM_FILES%\Windows NT\hypertrm.exe:Flinched
- %TEMP%\RCX69.tmp
- %PROGRAM_FILES%\Windows Media Player\migrate.exe:Flinched
- %TEMP%\RCX5D.tmp
- %TEMP%\RCX5E.tmp
- %TEMP%\_+_stmxj.tmp
- %TEMP%\RCX5C.tmp
- %TEMP%\RCX5B.tmp
- %TEMP%\RCX5A.tmp
- %TEMP%\_+_mnfjf.tmp
- %PROGRAM_FILES%\Outlook Express\wabmig.exe:Flinched
- %TEMP%\_+_qmzgo.tmp
- %PROGRAM_FILES%\Windows Media Player\setup_wm.exe:Flinched
- %TEMP%\RCX63.tmp
- %TEMP%\RCX62.tmp
- %TEMP%\RCX61.tmp
- %PROGRAM_FILES%\Windows Media Player\mplayer2.exe:Flinched
- %TEMP%\RCX5F.tmp
- %TEMP%\RCX60.tmp
- %TEMP%\_+_gwnwy.tmp
- C:\AutoRun.inf
- <Drive name for removable media>:\AutoRun.inf
- C:\WinNT.com
- <SYSTEM32>\ntldr.exe
- <Drive name for removable media>:\WinNT.com
- %TEMP%\_+_qaoyp.tmp
- %TEMP%\_+_coqcd.tmp
- %TEMP%\_+_vljos.tmp
- %TEMP%\_+_uqxly.tmp
- %TEMP%\_+_wnlwe.tmp
- %TEMP%\_+_dmusb.tmp
- %TEMP%\_+_ymzof.tmp
- %TEMP%\_+_oczvu.tmp
- %TEMP%\_+_zhkkf.tmp
- %TEMP%\_+_olfed.tmp
- %TEMP%\_+_cnypi.tmp
- %TEMP%\_+_fvdvi.tmp
- %TEMP%\_+_tvxov.tmp
- %TEMP%\_+_ewkle.tmp
- %TEMP%\_+_duikg.tmp
- %TEMP%\_+_mbvhx.tmp
- %TEMP%\_+_dfxva.tmp
- %TEMP%\_+_oxpmw.tmp
- %TEMP%\_+_fgmst.tmp
- %TEMP%\_+_gejqp.tmp
- %TEMP%\_+_lvzkt.tmp
- %TEMP%\_+_xeknc.tmp
- %TEMP%\_+_btjme.tmp
- %TEMP%\_+_bqgfd.tmp
- %TEMP%\_+_udhmm.tmp
- %TEMP%\_+_mmaiu.tmp
- %TEMP%\_+_npcol.tmp
- %TEMP%\_+_ckqlf.tmp
- %TEMP%\_+_witqt.tmp
- %TEMP%\_+_ldqjj.tmp
- %TEMP%\_+_wbszq.tmp
- %TEMP%\_+_njatf.tmp
- %TEMP%\_+_nggvd.tmp
- %TEMP%\_+_rsuox.tmp
- %TEMP%\_+_ctsau.tmp
- %TEMP%\_+_ahepr.tmp
- %TEMP%\_+_jeanj.tmp
- %TEMP%\_+_niyty.tmp
- %TEMP%\_+_iqadr.tmp
- %TEMP%\_+_wjtfm.tmp
- %TEMP%\_+_xuzxp.tmp
- %TEMP%\_+_puake.tmp
- %TEMP%\_+_htowc.tmp
- %TEMP%\_+_gmthc.tmp
- %TEMP%\_+_jynns.tmp
- %TEMP%\_+_koahw.tmp
- %TEMP%\_+_kgtxz.tmp
- %TEMP%\_+_pekah.tmp
- %TEMP%\_+_guyuv.tmp
- %TEMP%\_+_grflk.tmp
- %TEMP%\_+_slcyv.tmp
- %TEMP%\_+_fvcfg.tmp
- %TEMP%\_+_acmbh.tmp
- %TEMP%\_+_qywjj.tmp
- %TEMP%\_+_fnwof.tmp
- %TEMP%\_+_hftby.tmp
- %TEMP%\_+_nplic.tmp
- %TEMP%\_+_gfpen.tmp
- %TEMP%\_+_bpzem.tmp
- %TEMP%\_+_noxfv.tmp
- %TEMP%\_+_hqoqe.tmp
- %TEMP%\_+_zskwp.tmp
- %TEMP%\_+_lfslj.tmp
- %TEMP%\_+_btpzg.tmp
- %TEMP%\_+_cqwei.tmp
- %TEMP%\_+_yvaoc.tmp
- %TEMP%\_+_hocmr.tmp
- %TEMP%\_+_jyzau.tmp
- %TEMP%\_+_bydtu.tmp
- %TEMP%\_+_plhyj.tmp
- %TEMP%\_+_qikuw.tmp
- %TEMP%\_+_vbgho.tmp
- %TEMP%\_+_dtybz.tmp
- %TEMP%\_+_kxdru.tmp
- %TEMP%\_+_uigyw.tmp
- %TEMP%\_+_ydgoj.tmp
- %TEMP%\_+_lgqri.tmp
- %TEMP%\_+_qtbkl.tmp
- %TEMP%\_+_oujjr.tmp
- %TEMP%\_+_ncexb.tmp
- %TEMP%\_+_buwvf.tmp
- %TEMP%\_+_oeptt.tmp
- %TEMP%\_+_rxydg.tmp
- %TEMP%\_+_ouoic.tmp
- %TEMP%\_+_entxj.tmp
- %TEMP%\_+_tvnyz.tmp
- %TEMP%\_+_mlhuj.tmp
- %TEMP%\_+_wobtf.tmp
- %TEMP%\_+_ohxxy.tmp
- %TEMP%\_+_ykwyw.tmp
- %TEMP%\_+_iksaq.tmp
- %TEMP%\_+_aqpno.tmp
- %TEMP%\_+_huyon.tmp
- %TEMP%\_+_ejxro.tmp
- %TEMP%\_+_urzhd.tmp
- %TEMP%\_+_ovnuh.tmp
- %TEMP%\_+_pctge.tmp
- <SYSTEM32>\ntldr.exe
- %TEMP%\_+_eyovk.tmp
- %TEMP%\_+_jwpuz.tmp
- %TEMP%\_+_bufvd.tmp
- %TEMP%\_+_awgne.tmp
- %TEMP%\_+_ziefe.tmp
- %TEMP%\_+_shhxw.tmp
- %TEMP%\_+_zxwrp.tmp
- %TEMP%\_+_zixoh.tmp
- %TEMP%\_+_ygnvl.tmp
- %TEMP%\_+_lmqjv.tmp
- %TEMP%\_+_pfhbj.tmp
- %TEMP%\_+_fffzs.tmp
- %TEMP%\_+_klpgu.tmp
- %TEMP%\_+_obxmo.tmp
- %TEMP%\_+_osftw.tmp
- %TEMP%\_+_rnfgd.tmp
- %TEMP%\_+_sawyi.tmp
- %TEMP%\_+_ycoln.tmp
- %TEMP%\_+_ffqdj.tmp
- %TEMP%\_+_kuomq.tmp
- %TEMP%\_+_jkxvq.tmp
- %TEMP%\_+_invjl.tmp
- %TEMP%\_+_oakfe.tmp
- %TEMP%\_+_nyrgq.tmp
- %TEMP%\_+_shsao.tmp
- %TEMP%\_+_vbbrh.tmp
- %TEMP%\_+_krvzc.tmp
- %TEMP%\_+_aasig.tmp
- %TEMP%\_+_aohwo.tmp
- %TEMP%\_+_yftlj.tmp
- %TEMP%\_+_pbokj.tmp
- %TEMP%\_+_gkltk.tmp
- %TEMP%\_+_bzsds.tmp
- %TEMP%\_+_chlne.tmp
- %TEMP%\_+_dymkr.tmp
- %TEMP%\_+_hvohf.tmp
- %TEMP%\_+_liksk.tmp
- %TEMP%\_+_tnsmz.tmp
- %TEMP%\_+_netxn.tmp
- %TEMP%\_+_nkstq.tmp
- %TEMP%\_+_hfztm.tmp
- %TEMP%\_+_oqqze.tmp
- %TEMP%\_+_qmzgo.tmp
- %TEMP%\_+_mnfjf.tmp
- %TEMP%\_+_gaqxm.tmp
- %TEMP%\_+_gwnwy.tmp
- %TEMP%\_+_stmxj.tmp
- from %TEMP%\RCXC0.tmp to %TEMP%\_+_coqcd.tmp
- from %TEMP%\RCXC1.tmp to %TEMP%\_+_coqcd.tmp
- from %TEMP%\RCXBE.tmp to %TEMP%\_+_wnlwe.tmp
- from %TEMP%\RCXBF.tmp to %TEMP%\_+_wnlwe.tmp
- from %TEMP%\RCXC2.tmp to %TEMP%\_+_qaoyp.tmp
- from %TEMP%\RCXC5.tmp to %TEMP%\_+_uqxly.tmp
- from %TEMP%\RCXC6.tmp to %TEMP%\_+_vljos.tmp
- from %TEMP%\RCXC3.tmp to %TEMP%\_+_qaoyp.tmp
- from %TEMP%\RCXC4.tmp to %TEMP%\_+_uqxly.tmp
- from %TEMP%\RCXB7.tmp to %TEMP%\_+_ymzof.tmp
- from %TEMP%\RCXB8.tmp to %TEMP%\_+_dmusb.tmp
- from %TEMP%\RCXB5.tmp to %TEMP%\_+_ldqjj.tmp
- from %TEMP%\RCXB6.tmp to %TEMP%\_+_ymzof.tmp
- from %TEMP%\RCXB9.tmp to %TEMP%\_+_dmusb.tmp
- from %TEMP%\RCXBC.tmp to %TEMP%\_+_oczvu.tmp
- from %TEMP%\RCXBD.tmp to %TEMP%\_+_oczvu.tmp
- from %TEMP%\RCXBA.tmp to %TEMP%\_+_zhkkf.tmp
- from %TEMP%\RCXBB.tmp to %TEMP%\_+_zhkkf.tmp
- from %TEMP%\RCXD2.tmp to %TEMP%\_+_cnypi.tmp
- from %TEMP%\RCXD3.tmp to %TEMP%\_+_cnypi.tmp
- from %TEMP%\RCXD0.tmp to %TEMP%\_+_ewkle.tmp
- from %TEMP%\RCXD1.tmp to %TEMP%\_+_ewkle.tmp
- from %TEMP%\RCXD4.tmp to %TEMP%\_+_olfed.tmp
- from %TEMP%\RCXD7.tmp to %TEMP%\_+_tvxov.tmp
- from %TEMP%\RCXD8.tmp to %TEMP%\_+_fvdvi.tmp
- from %TEMP%\RCXD5.tmp to %TEMP%\_+_olfed.tmp
- from %TEMP%\RCXD6.tmp to %TEMP%\_+_tvxov.tmp
- from %TEMP%\RCXC9.tmp to %TEMP%\_+_mbvhx.tmp
- from %TEMP%\RCXCA.tmp to %TEMP%\_+_duikg.tmp
- from %TEMP%\RCXC7.tmp to %TEMP%\_+_vljos.tmp
- from %TEMP%\RCXC8.tmp to %TEMP%\_+_mbvhx.tmp
- from %TEMP%\RCXCB.tmp to %TEMP%\_+_duikg.tmp
- from %TEMP%\RCXCE.tmp to %TEMP%\_+_dfxva.tmp
- from %TEMP%\RCXCF.tmp to %TEMP%\_+_dfxva.tmp
- from %TEMP%\RCXCC.tmp to %TEMP%\_+_oxpmw.tmp
- from %TEMP%\RCXCD.tmp to %TEMP%\_+_oxpmw.tmp
- from %TEMP%\RCXB4.tmp to %TEMP%\_+_ldqjj.tmp
- from %TEMP%\RCX9B.tmp to %TEMP%\_+_btjme.tmp
- from %TEMP%\RCX9C.tmp to %TEMP%\_+_gejqp.tmp
- from %TEMP%\RCX99.tmp to %TEMP%\_+_mmaiu.tmp
- from %TEMP%\RCX9A.tmp to %TEMP%\_+_btjme.tmp
- from %TEMP%\RCX9D.tmp to %TEMP%\_+_gejqp.tmp
- from %TEMP%\RCXA0.tmp to %TEMP%\_+_xeknc.tmp
- from %TEMP%\RCXA1.tmp to %TEMP%\_+_xeknc.tmp
- from %TEMP%\RCX9E.tmp to %TEMP%\_+_fgmst.tmp
- from %TEMP%\RCX9F.tmp to %TEMP%\_+_fgmst.tmp
- from %TEMP%\RCX92.tmp to %TEMP%\_+_udhmm.tmp
- from %TEMP%\RCX93.tmp to %TEMP%\_+_udhmm.tmp
- from %TEMP%\RCX90.tmp to %TEMP%\_+_dtybz.tmp
- from %TEMP%\RCX91.tmp to %TEMP%\_+_dtybz.tmp
- from %TEMP%\RCX94.tmp to %TEMP%\_+_bqgfd.tmp
- from %TEMP%\RCX97.tmp to %TEMP%\_+_npcol.tmp
- from %TEMP%\RCX98.tmp to %TEMP%\_+_mmaiu.tmp
- from %TEMP%\RCX95.tmp to %TEMP%\_+_bqgfd.tmp
- from %TEMP%\RCX96.tmp to %TEMP%\_+_npcol.tmp
- from %TEMP%\RCXAD.tmp to %TEMP%\_+_njatf.tmp
- from %TEMP%\RCXAE.tmp to %TEMP%\_+_witqt.tmp
- from %TEMP%\RCXAB.tmp to %TEMP%\_+_ctsau.tmp
- from %TEMP%\RCXAC.tmp to %TEMP%\_+_njatf.tmp
- from %TEMP%\RCXAF.tmp to %TEMP%\_+_witqt.tmp
- from %TEMP%\RCXB2.tmp to %TEMP%\_+_wbszq.tmp
- from %TEMP%\RCXB3.tmp to %TEMP%\_+_wbszq.tmp
- from %TEMP%\RCXB0.tmp to %TEMP%\_+_ckqlf.tmp
- from %TEMP%\RCXB1.tmp to %TEMP%\_+_ckqlf.tmp
- from %TEMP%\RCXA4.tmp to %TEMP%\_+_rsuox.tmp
- from %TEMP%\RCXA5.tmp to %TEMP%\_+_rsuox.tmp
- from %TEMP%\RCXA2.tmp to %TEMP%\_+_lvzkt.tmp
- from %TEMP%\RCXA3.tmp to %TEMP%\_+_lvzkt.tmp
- from %TEMP%\RCXA6.tmp to %TEMP%\_+_nggvd.tmp
- from %TEMP%\RCXA9.tmp to %TEMP%\_+_ahepr.tmp
- from %TEMP%\RCXAA.tmp to %TEMP%\_+_ctsau.tmp
- from %TEMP%\RCXA7.tmp to %TEMP%\_+_nggvd.tmp
- from %TEMP%\RCXA8.tmp to %TEMP%\_+_ahepr.tmp
- from %TEMP%\RCX109.tmp to %TEMP%\_+_niyty.tmp
- from %TEMP%\RCX10A.tmp to %TEMP%\_+_jeanj.tmp
- from %TEMP%\RCX107.tmp to %TEMP%\_+_xuzxp.tmp
- from %TEMP%\RCX108.tmp to %TEMP%\_+_niyty.tmp
- from %TEMP%\RCX10B.tmp to %TEMP%\_+_jeanj.tmp
- from %TEMP%\RCX10E.tmp to %TEMP%\_+_iqadr.tmp
- from %TEMP%\RCX10F.tmp to %TEMP%\_+_iqadr.tmp
- from %TEMP%\RCX10C.tmp to %TEMP%\_+_wjtfm.tmp
- from %TEMP%\RCX10D.tmp to %TEMP%\_+_wjtfm.tmp
- from %TEMP%\RCX100.tmp to %TEMP%\_+_puake.tmp
- from %TEMP%\RCX101.tmp to %TEMP%\_+_puake.tmp
- from %TEMP%\RCXFE.tmp to %TEMP%\_+_htowc.tmp
- from %TEMP%\RCXFF.tmp to %TEMP%\_+_htowc.tmp
- from %TEMP%\RCX102.tmp to %TEMP%\_+_jynns.tmp
- from %TEMP%\RCX105.tmp to %TEMP%\_+_gmthc.tmp
- from %TEMP%\RCX106.tmp to %TEMP%\_+_xuzxp.tmp
- from %TEMP%\RCX103.tmp to %TEMP%\_+_jynns.tmp
- from %TEMP%\RCX104.tmp to %TEMP%\_+_gmthc.tmp
- from %TEMP%\RCX11B.tmp to %TEMP%\_+_kgtxz.tmp
- from %TEMP%\RCX11C.tmp to %TEMP%\_+_koahw.tmp
- from %TEMP%\RCX119.tmp to %TEMP%\_+_grflk.tmp
- from %TEMP%\RCX11A.tmp to %TEMP%\_+_kgtxz.tmp
- from %TEMP%\RCX11D.tmp to %TEMP%\_+_koahw.tmp
- from %TEMP%\RCX120.tmp to %TEMP%\_+_pekah.tmp
- from %TEMP%\RCX121.tmp to %TEMP%\_+_pekah.tmp
- from %TEMP%\RCX11E.tmp to %TEMP%\_+_guyuv.tmp
- from %TEMP%\RCX11F.tmp to %TEMP%\_+_guyuv.tmp
- from %TEMP%\RCX112.tmp to %TEMP%\_+_slcyv.tmp
- from %TEMP%\RCX113.tmp to %TEMP%\_+_slcyv.tmp
- from %TEMP%\RCX110.tmp to %TEMP%\_+_fvcfg.tmp
- from %TEMP%\RCX111.tmp to %TEMP%\_+_fvcfg.tmp
- from %TEMP%\RCX114.tmp to %TEMP%\_+_qywjj.tmp
- from %TEMP%\RCX117.tmp to %TEMP%\_+_acmbh.tmp
- from %TEMP%\RCX118.tmp to %TEMP%\_+_grflk.tmp
- from %TEMP%\RCX115.tmp to %TEMP%\_+_qywjj.tmp
- from %TEMP%\RCX116.tmp to %TEMP%\_+_acmbh.tmp
- from %TEMP%\RCXFD.tmp to %TEMP%\_+_yvaoc.tmp
- from %TEMP%\RCXE4.tmp to %TEMP%\_+_hftby.tmp
- from %TEMP%\RCXE5.tmp to %TEMP%\_+_hftby.tmp
- from %TEMP%\RCXE2.tmp to %TEMP%\_+_bpzem.tmp
- from %TEMP%\RCXE3.tmp to %TEMP%\_+_bpzem.tmp
- from %TEMP%\RCXE6.tmp to %TEMP%\_+_fnwof.tmp
- from %TEMP%\RCXE9.tmp to %TEMP%\_+_gfpen.tmp
- from %TEMP%\RCXEA.tmp to %TEMP%\_+_nplic.tmp
- from %TEMP%\RCXE7.tmp to %TEMP%\_+_fnwof.tmp
- from %TEMP%\RCXE8.tmp to %TEMP%\_+_gfpen.tmp
- from %TEMP%\RCXDB.tmp to %TEMP%\_+_hqoqe.tmp
- from %TEMP%\RCXDC.tmp to %TEMP%\_+_noxfv.tmp
- from %TEMP%\RCXD9.tmp to %TEMP%\_+_fvdvi.tmp
- from %TEMP%\RCXDA.tmp to %TEMP%\_+_hqoqe.tmp
- from %TEMP%\RCXDD.tmp to %TEMP%\_+_noxfv.tmp
- from %TEMP%\RCXE0.tmp to %TEMP%\_+_zskwp.tmp
- from %TEMP%\RCXE1.tmp to %TEMP%\_+_zskwp.tmp
- from %TEMP%\RCXDE.tmp to %TEMP%\_+_lfslj.tmp
- from %TEMP%\RCXDF.tmp to %TEMP%\_+_lfslj.tmp
- from %TEMP%\RCXF6.tmp to %TEMP%\_+_cqwei.tmp
- from %TEMP%\RCXF7.tmp to %TEMP%\_+_cqwei.tmp
- from %TEMP%\RCXF4.tmp to %TEMP%\_+_jyzau.tmp
- from %TEMP%\RCXF5.tmp to %TEMP%\_+_jyzau.tmp
- from %TEMP%\RCXF8.tmp to %TEMP%\_+_btpzg.tmp
- from %TEMP%\RCXFB.tmp to %TEMP%\_+_hocmr.tmp
- from %TEMP%\RCXFC.tmp to %TEMP%\_+_yvaoc.tmp
- from %TEMP%\RCXF9.tmp to %TEMP%\_+_btpzg.tmp
- from %TEMP%\RCXFA.tmp to %TEMP%\_+_hocmr.tmp
- from %TEMP%\RCXED.tmp to %TEMP%\_+_plhyj.tmp
- from %TEMP%\RCXEE.tmp to %TEMP%\_+_bydtu.tmp
- from %TEMP%\RCXEB.tmp to %TEMP%\_+_nplic.tmp
- from %TEMP%\RCXEC.tmp to %TEMP%\_+_plhyj.tmp
- from %TEMP%\RCXEF.tmp to %TEMP%\_+_bydtu.tmp
- from %TEMP%\RCXF2.tmp to %TEMP%\_+_qikuw.tmp
- from %TEMP%\RCXF3.tmp to %TEMP%\_+_qikuw.tmp
- from %TEMP%\RCXF0.tmp to %TEMP%\_+_vbgho.tmp
- from %TEMP%\RCXF1.tmp to %TEMP%\_+_vbgho.tmp
- from %TEMP%\RCX8F.tmp to %TEMP%\_+_oakfe.tmp
- from %TEMP%\RCX31.tmp to %TEMP%\_+_kxdru.tmp
- from %TEMP%\RCX32.tmp to %TEMP%\_+_lgqri.tmp
- from %TEMP%\RCX2F.tmp to %TEMP%\_+_uigyw.tmp
- from %TEMP%\RCX30.tmp to %TEMP%\_+_kxdru.tmp
- from %TEMP%\RCX33.tmp to %TEMP%\_+_lgqri.tmp
- from %TEMP%\RCX36.tmp to %TEMP%\_+_ohxxy.tmp
- from %TEMP%\RCX37.tmp to %TEMP%\_+_ohxxy.tmp
- from %TEMP%\RCX34.tmp to %TEMP%\_+_ydgoj.tmp
- from %TEMP%\RCX35.tmp to %TEMP%\_+_ydgoj.tmp
- from %TEMP%\RCX28.tmp to %TEMP%\_+_oeptt.tmp
- from %TEMP%\RCX29.tmp to %TEMP%\_+_oeptt.tmp
- from %TEMP%\RCX26.tmp to %TEMP%\_+_oujjr.tmp
- from %TEMP%\RCX27.tmp to %TEMP%\_+_oujjr.tmp
- from %TEMP%\RCX2A.tmp to %TEMP%\_+_buwvf.tmp
- from %TEMP%\RCX2D.tmp to %TEMP%\_+_qtbkl.tmp
- from %TEMP%\RCX2E.tmp to %TEMP%\_+_uigyw.tmp
- from %TEMP%\RCX2B.tmp to %TEMP%\_+_buwvf.tmp
- from %TEMP%\RCX2C.tmp to %TEMP%\_+_qtbkl.tmp
- from %TEMP%\RCX43.tmp to %TEMP%\_+_rxydg.tmp
- from %TEMP%\RCX44.tmp to %TEMP%\_+_tvnyz.tmp
- from %TEMP%\RCX41.tmp to %TEMP%\_+_ouoic.tmp
- from %TEMP%\RCX42.tmp to %TEMP%\_+_rxydg.tmp
- from <SYSTEM32>\dllcache\iexplore.exe.new to <SYSTEM32>\dllcache\iexplore.exe
- from %TEMP%\RCX47.tmp to %TEMP%\_+_entxj.tmp
- from %TEMP%\RCX48.tmp to %TEMP%\_+_hvohf.tmp
- from %TEMP%\RCX45.tmp to %TEMP%\_+_tvnyz.tmp
- from %TEMP%\RCX46.tmp to %TEMP%\_+_entxj.tmp
- from %TEMP%\RCX3A.tmp to %TEMP%\_+_iksaq.tmp
- from %TEMP%\RCX3B.tmp to %TEMP%\_+_iksaq.tmp
- from %TEMP%\RCX38.tmp to %TEMP%\_+_wobtf.tmp
- from %TEMP%\RCX39.tmp to %TEMP%\_+_wobtf.tmp
- from %TEMP%\RCX3C.tmp to %TEMP%\_+_ykwyw.tmp
- from %TEMP%\RCX3F.tmp to %TEMP%\_+_mlhuj.tmp
- from %TEMP%\RCX40.tmp to %TEMP%\_+_ouoic.tmp
- from %TEMP%\RCX3D.tmp to %TEMP%\_+_ykwyw.tmp
- from %TEMP%\RCX3E.tmp to %TEMP%\_+_mlhuj.tmp
- from %TEMP%\RCX25.tmp to %TEMP%\_+_ncexb.tmp
- from %TEMP%\RCXC.tmp to %TEMP%\_+_aqpno.tmp
- from %TEMP%\RCXD.tmp to %TEMP%\_+_aqpno.tmp
- from %TEMP%\RCXA.tmp to %TEMP%\_+_huyon.tmp
- from %TEMP%\RCXB.tmp to %TEMP%\_+_huyon.tmp
- from %TEMP%\RCXE.tmp to %TEMP%\_+_urzhd.tmp
- from %TEMP%\RCX11.tmp to %TEMP%\_+_ejxro.tmp
- from %TEMP%\RCX12.tmp to %TEMP%\_+_ygnvl.tmp
- from %TEMP%\RCXF.tmp to %TEMP%\_+_urzhd.tmp
- from %TEMP%\RCX10.tmp to %TEMP%\_+_ejxro.tmp
- from %TEMP%\RCX3.tmp to %TEMP%\_+_pctge.tmp
- from %TEMP%\RCX4.tmp to %TEMP%\_+_jwpuz.tmp
- from <SYSTEM32>\RCX1.tmp to <SYSTEM32>\ntldr.exe
- from %TEMP%\RCX2.tmp to %TEMP%\_+_pctge.tmp
- from %TEMP%\RCX5.tmp to %TEMP%\_+_jwpuz.tmp
- from %TEMP%\RCX8.tmp to %TEMP%\_+_ovnuh.tmp
- from %TEMP%\RCX9.tmp to %TEMP%\_+_ovnuh.tmp
- from %TEMP%\RCX6.tmp to %TEMP%\_+_eyovk.tmp
- from %TEMP%\RCX7.tmp to %TEMP%\_+_eyovk.tmp
- from %TEMP%\RCX1E.tmp to %TEMP%\_+_bufvd.tmp
- from %TEMP%\RCX1F.tmp to %TEMP%\_+_bufvd.tmp
- from %TEMP%\RCX1C.tmp to %TEMP%\_+_awgne.tmp
- from %TEMP%\RCX1D.tmp to %TEMP%\_+_awgne.tmp
- from %TEMP%\RCX20.tmp to %TEMP%\_+_shhxw.tmp
- from %TEMP%\RCX23.tmp to %TEMP%\_+_ziefe.tmp
- from %TEMP%\RCX24.tmp to %TEMP%\_+_ncexb.tmp
- from %TEMP%\RCX21.tmp to %TEMP%\_+_shhxw.tmp
- from %TEMP%\RCX22.tmp to %TEMP%\_+_ziefe.tmp
- from %TEMP%\RCX15.tmp to %TEMP%\_+_zixoh.tmp
- from %TEMP%\RCX16.tmp to %TEMP%\_+_pfhbj.tmp
- from %TEMP%\RCX13.tmp to %TEMP%\_+_ygnvl.tmp
- from %TEMP%\RCX14.tmp to %TEMP%\_+_zixoh.tmp
- from %TEMP%\RCX17.tmp to %TEMP%\_+_pfhbj.tmp
- from %TEMP%\RCX1A.tmp to %TEMP%\_+_zxwrp.tmp
- from %TEMP%\RCX1B.tmp to %TEMP%\_+_zxwrp.tmp
- from %TEMP%\RCX18.tmp to %TEMP%\_+_lmqjv.tmp
- from %TEMP%\RCX19.tmp to %TEMP%\_+_lmqjv.tmp
- from %TEMP%\RCX76.tmp to %TEMP%\_+_klpgu.tmp
- from %TEMP%\RCX77.tmp to %TEMP%\_+_klpgu.tmp
- from %TEMP%\RCX74.tmp to %TEMP%\_+_rnfgd.tmp
- from %TEMP%\RCX75.tmp to %TEMP%\_+_rnfgd.tmp
- from %TEMP%\RCX78.tmp to %TEMP%\_+_fffzs.tmp
- from %TEMP%\RCX7B.tmp to %TEMP%\_+_osftw.tmp
- from %TEMP%\RCX7C.tmp to %TEMP%\_+_obxmo.tmp
- from %TEMP%\RCX79.tmp to %TEMP%\_+_fffzs.tmp
- from %TEMP%\RCX7A.tmp to %TEMP%\_+_osftw.tmp
- from %TEMP%\RCX6D.tmp to %TEMP%\_+_ycoln.tmp
- from %TEMP%\RCX6E.tmp to %TEMP%\_+_sawyi.tmp
- from <SYSTEM32>\dllcache\pinball.exe.new to <SYSTEM32>\dllcache\pinball.exe
- from %TEMP%\RCX6C.tmp to %TEMP%\_+_ycoln.tmp
- from %TEMP%\RCX6F.tmp to %TEMP%\_+_sawyi.tmp
- from %TEMP%\RCX72.tmp to %TEMP%\_+_ffqdj.tmp
- from %TEMP%\RCX73.tmp to %TEMP%\_+_ffqdj.tmp
- from %TEMP%\RCX70.tmp to %TEMP%\_+_kuomq.tmp
- from %TEMP%\RCX71.tmp to %TEMP%\_+_kuomq.tmp
- from %TEMP%\RCX88.tmp to %TEMP%\_+_invjl.tmp
- from %TEMP%\RCX89.tmp to %TEMP%\_+_invjl.tmp
- from %TEMP%\RCX86.tmp to %TEMP%\_+_shsao.tmp
- from %TEMP%\RCX87.tmp to %TEMP%\_+_shsao.tmp
- from %TEMP%\RCX8A.tmp to %TEMP%\_+_jkxvq.tmp
- from %TEMP%\RCX8D.tmp to %TEMP%\_+_nyrgq.tmp
- from %TEMP%\RCX8E.tmp to %TEMP%\_+_oakfe.tmp
- from %TEMP%\RCX8B.tmp to %TEMP%\_+_jkxvq.tmp
- from %TEMP%\RCX8C.tmp to %TEMP%\_+_nyrgq.tmp
- from %TEMP%\RCX7F.tmp to %TEMP%\_+_krvzc.tmp
- from %TEMP%\RCX80.tmp to %TEMP%\_+_vbbrh.tmp
- from %TEMP%\RCX7D.tmp to %TEMP%\_+_obxmo.tmp
- from %TEMP%\RCX7E.tmp to %TEMP%\_+_krvzc.tmp
- from %TEMP%\RCX81.tmp to %TEMP%\_+_vbbrh.tmp
- from %TEMP%\RCX84.tmp to %TEMP%\_+_aasig.tmp
- from %TEMP%\RCX85.tmp to %TEMP%\_+_aasig.tmp
- from %TEMP%\RCX82.tmp to %TEMP%\_+_aohwo.tmp
- from %TEMP%\RCX83.tmp to %TEMP%\_+_aohwo.tmp
- from %TEMP%\RCX6B.tmp to %TEMP%\_+_hfztm.tmp
- from %TEMP%\RCX54.tmp to %TEMP%\_+_yftlj.tmp
- from %TEMP%\RCX55.tmp to %TEMP%\_+_yftlj.tmp
- from %TEMP%\RCX52.tmp to %TEMP%\_+_pbokj.tmp
- from %TEMP%\RCX53.tmp to %TEMP%\_+_pbokj.tmp
- from %TEMP%\RCX56.tmp to %TEMP%\_+_bzsds.tmp
- from %TEMP%\RCX59.tmp to %TEMP%\_+_gkltk.tmp
- from %TEMP%\RCX5A.tmp to %TEMP%\_+_gaqxm.tmp
- from %TEMP%\RCX57.tmp to %TEMP%\_+_bzsds.tmp
- from %TEMP%\RCX58.tmp to %TEMP%\_+_gkltk.tmp
- from %TEMP%\RCX4B.tmp to %TEMP%\_+_dymkr.tmp
- from %TEMP%\RCX4C.tmp to %TEMP%\_+_tnsmz.tmp
- from %TEMP%\RCX49.tmp to %TEMP%\_+_hvohf.tmp
- from %TEMP%\RCX4A.tmp to %TEMP%\_+_dymkr.tmp
- from %TEMP%\RCX4D.tmp to %TEMP%\_+_tnsmz.tmp
- from %TEMP%\RCX50.tmp to %TEMP%\_+_chlne.tmp
- from %TEMP%\RCX51.tmp to %TEMP%\_+_chlne.tmp
- from %TEMP%\RCX4E.tmp to %TEMP%\_+_liksk.tmp
- from %TEMP%\RCX4F.tmp to %TEMP%\_+_liksk.tmp
- from %TEMP%\RCX64.tmp to %TEMP%\_+_nkstq.tmp
- from %TEMP%\RCX65.tmp to %TEMP%\_+_nkstq.tmp
- from %TEMP%\RCX62.tmp to %TEMP%\_+_qmzgo.tmp
- from %TEMP%\RCX63.tmp to %TEMP%\_+_qmzgo.tmp
- from %TEMP%\RCX66.tmp to %TEMP%\_+_netxn.tmp
- from %TEMP%\RCX69.tmp to %TEMP%\_+_oqqze.tmp
- from %TEMP%\RCX6A.tmp to %TEMP%\_+_hfztm.tmp
- from %TEMP%\RCX67.tmp to %TEMP%\_+_netxn.tmp
- from %TEMP%\RCX68.tmp to %TEMP%\_+_oqqze.tmp
- from %TEMP%\RCX5D.tmp to %TEMP%\_+_mnfjf.tmp
- from %TEMP%\RCX5E.tmp to %TEMP%\_+_stmxj.tmp
- from %TEMP%\RCX5B.tmp to %TEMP%\_+_gaqxm.tmp
- from %TEMP%\RCX5C.tmp to %TEMP%\_+_mnfjf.tmp
- from %TEMP%\RCX5F.tmp to %TEMP%\_+_stmxj.tmp
- from %TEMP%\RCX61.tmp to %TEMP%\_+_gwnwy.tmp
- from <SYSTEM32>\dllcache\zclientm.exe.new to <SYSTEM32>\dllcache\zclientm.exe
- from <SYSTEM32>\dllcache\rvsezm.exe.new to <SYSTEM32>\dllcache\rvsezm.exe
- from %TEMP%\RCX60.tmp to %TEMP%\_+_gwnwy.tmp