Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\mhrhcrji.exe
- %PROGRAM_FILES%\FireFox\nssutil3.dll
- %PROGRAM_FILES%\FireFox\nssdbm3.dll
- %PROGRAM_FILES%\FireFox\nssckbi.dll
- %PROGRAM_FILES%\FireFox\plc4.dll
- %PROGRAM_FILES%\FireFox\shlibsign.exe
- %PROGRAM_FILES%\FireFox\plugin-container.exe
- %PROGRAM_FILES%\FireFox\plds4.dll
- %PROGRAM_FILES%\FireFox\mozjs.dll
- %PROGRAM_FILES%\FireFox\mozalloc.dll
- %PROGRAM_FILES%\FireFox\mangle.exe
- %PROGRAM_FILES%\FireFox\mozsqlite3.dll
- %PROGRAM_FILES%\FireFox\nss3.dll
- %PROGRAM_FILES%\FireFox\nspr4.dll
- %PROGRAM_FILES%\FireFox\nsinstall.exe
- %PROGRAM_FILES%\FireFox\xul.dll
- %PROGRAM_FILES%\FireFox\xpt_link.exe
- %PROGRAM_FILES%\FireFox\xpt_dump.exe
- %PROGRAM_FILES%\MSN\MSNCoreFiles\OOBE\obelog.dll
- <Auxiliary element>
- %PROGRAM_FILES%\MSN\MSNCoreFiles\OOBE\obepopc.dll
- %PROGRAM_FILES%\MSN\MSNCoreFiles\OOBE\obemetal.dll
- %PROGRAM_FILES%\FireFox\ssl3.dll
- %PROGRAM_FILES%\FireFox\softokn3.dll
- %PROGRAM_FILES%\FireFox\smime3.dll
- %PROGRAM_FILES%\FireFox\updater.exe
- %PROGRAM_FILES%\FireFox\xpidl.exe
- %PROGRAM_FILES%\FireFox\xpcshell.exe
- %PROGRAM_FILES%\FireFox\xpcom.dll
- %PROGRAM_FILES%\FireFox\js.exe
- C:\Far2\Plugins\Compare\Compare.dll
- C:\Far2\Plugins\Colorer\bin\colorer.dll
- C:\Far2\Plugins\Brackets\Brackets.dll
- C:\Far2\Plugins\DrawLine\DrawLine.dll
- C:\Far2\Plugins\FTP\FarFtp.dll
- C:\Far2\Plugins\FarCmds\FARCmds.dll
- C:\Far2\Plugins\EMenu\EMenu.dll
- C:\Far2\FExcept\ExcDump.dll
- C:\Far2\FExcept\demangle32.dll
- C:\Far2\Far.exe
- C:\Far2\FExcept\FExcept.dll
- C:\Far2\Plugins\arclite\arclite.dll
- C:\Far2\Plugins\arclite\7z.dll
- C:\Far2\Plugins\7-Zip\7-ZipFar.dll
- %PROGRAM_FILES%\FireFox\components\browsercomps.dll
- %PROGRAM_FILES%\FireFox\AccessibleMarshal.dll
- %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL
- %PROGRAM_FILES%\FireFox\crashreporter.exe
- %PROGRAM_FILES%\FireFox\IA2Marshal.dll
- %PROGRAM_FILES%\FireFox\freebl3.dll
- %PROGRAM_FILES%\FireFox\firefox.exe
- C:\Far2\Plugins\Network\Network.dll
- C:\Far2\Plugins\MacroView\MacroView.dll
- C:\Far2\Plugins\HlfViewer\HlfViewer.dll
- C:\Far2\Plugins\ProcList\Proclist.dll
- %CommonProgramFiles%\Microsoft Shared\VC\msdia80.dll
- C:\Far2\Plugins\WinSCP\WinSCP.dll
- C:\Far2\Plugins\TmpPanel\TmpPanel.dll
- <Drive name for removable media>:\RECYCLER\S-3-4-58-0156481178-8657582168-655364615-2256\fbioLbIJ.cpl
- <Drive name for removable media>:\autorun.inf
- <Drive name for removable media>:\RECYCLER\S-3-4-58-0156481178-8657582168-655364615-2256\JWQtIhKf.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\winlogon.exe' = '<SYSTEM32>\winlogon.exe:*:enabled:@shell32.dll,-1'
- '%TEMP%\svchost.exe'
- '%TEMP%\UXOsEyxy.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "%TEMP%\vbc1.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\tadjbuyp.cmdline"
- <SYSTEM32>\ctfmon.exe
- <SYSTEM32>\spoolsv.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\alg.exe
- <SYSTEM32>\cscript.exe
- <SYSTEM32>\wbem\wmiprvse.exe
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\smss.exe
- System
- <SYSTEM32>\winlogon.exe
- <SYSTEM32>\csrss.exe
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\lsass.exe
- <SYSTEM32>\services.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001972.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001973.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001970.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001971.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001974.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001977.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001978.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001975.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001976.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001963.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001964.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001907.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001944.DLL
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001965.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001968.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001969.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001966.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001967.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001991.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001992.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001989.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001990.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001993.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0002027.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0002029.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001994.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0002026.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001981.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001982.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001979.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001980.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001983.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001986.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001988.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001984.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001985.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001885.dll
- %PROGRAM_FILES%\Internet Explorer\dmlconf.dat
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- %TEMP%\RES2.tmp
- %TEMP%\tadjbuyp.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001857.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001859.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001853.exe
- %TEMP%\UXOsEyxy.exe
- %TEMP%\127V2435.resources
- %TEMP%\bXoFqvdx.resources
- %TEMP%\svchost.exe
- %TEMP%\MSNPSharp.dll
- %TEMP%\tadjbuyp.out
- %TEMP%\vbc1.tmp
- %TEMP%\tadjbuyp.0.vb
- %TEMP%\tadjbuyp.cmdline
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001877.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001879.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001873.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001875.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001880.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001883.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001884.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001881.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001882.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001862.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001863.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001860.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001861.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001867.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001871.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001872.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001868.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\A0001870.dll
- %HOMEPATH%\Start Menu\Programs\Startup\mhrhcrji.exe
- %TEMP%\tadjbuyp.exe
- %TEMP%\tadjbuyp.cmdline
- %TEMP%\tadjbuyp.0.vb
- %TEMP%\RES2.tmp
- %TEMP%\vbc1.tmp
- %TEMP%\tadjbuyp.out
- 'qx##ou.com':443
- '60.##0.222.139':80
- 'yq##tk.com':443
- 'fz##fe.com':443
- 'wa##ky.com':443
- 'mi##at.com':443
- 'vh##pf.com':443
- 'pa##ep.com':443
- '74.##5.232.51':80
- 'tv#####nyvwstrtve.com':447
- 'il#.#renz.pl':80
- 'su###wdmn.com':447
- 'an#.#renz.pl':80
- 'wq######rstyhcerveantbe.com':447
- 'go##xq.com':443
- 'rt####jyuver.com':447
- DNS ASK qx##ou.com
- DNS ASK fz##fe.com
- DNS ASK yq##tk.com
- DNS ASK vh##pf.com
- DNS ASK mi##at.com
- DNS ASK wa##ky.com
- DNS ASK pa##ep.com
- DNS ASK wq######rstyhcerveantbe.com
- DNS ASK google.com
- DNS ASK su###wdmn.com
- DNS ASK il#.#renz.pl
- DNS ASK tv#####nyvwstrtve.com
- DNS ASK an#.#renz.pl
- DNS ASK rt####jyuver.com
- DNS ASK go##xq.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'