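Technical Information
Note: the section labels are missing from this copy. The entries below fall into four groups, in order: command lines (ERUNT.EXE, taskkill.exe, reg.exe, findstr.exe, fsutil.exe, cmd.exe), a bare process name, file paths under C:\JRT and %WINDIR%\ERUNT\JRT, and window ClassName/WindowName pairs.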
- C:\JRT\erunt\ERUNT.EXE %WINDIR%\ERUNT\JRT /noconfirmdelete
- <SYSTEM32>\taskkill.exe /f /im mwsoemon.exe
- <SYSTEM32>\taskkill.exe /f /im iwintrusted.exe
- <SYSTEM32>\taskkill.exe /f /im iminent.messengers.exe
- <SYSTEM32>\taskkill.exe /f /im mwssvc.exe
- <SYSTEM32>\taskkill.exe /f /im questscan.exe
- <SYSTEM32>\taskkill.exe /f /im pcpmngr.exe
- <SYSTEM32>\taskkill.exe /f /im optproreminder.exe
- <SYSTEM32>\taskkill.exe /f /im iminent.exe
- <SYSTEM32>\taskkill.exe /f /im "fixio pc cleaner service.exe"
- <SYSTEM32>\taskkill.exe /f /im extensionupdaterservice.exe
- <SYSTEM32>\taskkill.exe /f /im dtupdate.exe
- <SYSTEM32>\taskkill.exe /f /im flvsrvc.exe
- <SYSTEM32>\taskkill.exe /f /im googletoolbarnotifier.exe
- <SYSTEM32>\taskkill.exe /f /im funmoodssrv.exe
- <SYSTEM32>\taskkill.exe /f /im freeyoutubetomp3converter.exe
- <SYSTEM32>\taskkill.exe /f /im thirdpartyappmgr.exe
- <SYSTEM32>\taskkill.exe /f /im systweakasp.exe
- <SYSTEM32>\taskkill.exe /f /im sweetpacksupdatemanager.exe
- <SYSTEM32>\taskkill.exe /f /im toolbarupdaterservice.exe
- <SYSTEM32>\taskkill.exe /f /im visicom_antiphishing.exe
- <SYSTEM32>\taskkill.exe /f /im updater.exe
- <SYSTEM32>\taskkill.exe /f /im uninstall.exe
- <SYSTEM32>\taskkill.exe /f /im sweetim.exe
- <SYSTEM32>\taskkill.exe /f /im searchsettings.exe
- <SYSTEM32>\taskkill.exe /f /im resultbrowse*
- <SYSTEM32>\taskkill.exe /f /im regwork.exe
- <SYSTEM32>\taskkill.exe /f /im startapps.exe
- <SYSTEM32>\taskkill.exe /f /im spcreminder.exe
- <SYSTEM32>\taskkill.exe /f /im spclauncher.exe
- <SYSTEM32>\taskkill.exe /f /im selectrebates.exe
- <SYSTEM32>\reg.exe query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2052111302-484763869-725345543-1003" /v "ProfileImagePath"
- <SYSTEM32>\reg.exe query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20" /v "ProfileImagePath"
- <SYSTEM32>\reg.exe query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19" /v "ProfileImagePath"
- <SYSTEM32>\taskkill.exe /f /im iexplore.exe
- <SYSTEM32>\taskkill.exe /f /im 64brmon.exe
- <SYSTEM32>\taskkill.exe /f /im 5qbarsvc.exe
- <SYSTEM32>\taskkill.exe /f /im 52barsvc.exe
- <SYSTEM32>\findstr.exe /iec:"\\%USERNAME%"
- <SYSTEM32>\findstr.exe /c:":\\"
- <SYSTEM32>\fsutil.exe fsinfo drives
- <SYSTEM32>\cmd.exe /c ""C:\JRT\get.bat" "
- <SYSTEM32>\reg.exe QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName
- <SYSTEM32>\reg.exe query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18" /v "ProfileImagePath"
- <SYSTEM32>\findstr.exe /ibc:"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-"
- <SYSTEM32>\reg.exe query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
- <SYSTEM32>\taskkill.exe /f /im browsermngr.exe
- <SYSTEM32>\taskkill.exe /f /im browsemngr.exe
- <SYSTEM32>\taskkill.exe /f /im bigfix.exe
- <SYSTEM32>\taskkill.exe /f /im clickoncesetup.exe
- <SYSTEM32>\taskkill.exe /f /im dmwu.exe
- <SYSTEM32>\taskkill.exe /f /im defaulttabsearch.exe
- <SYSTEM32>\taskkill.exe /f /im datamngrui.exe
- <SYSTEM32>\taskkill.exe /f /im bchelper.exe
- <SYSTEM32>\taskkill.exe /f /im advancedsystemprotector.exe
- <SYSTEM32>\taskkill.exe /f /im adawarebp.exe
- <SYSTEM32>\taskkill.exe /f /im 64srchmn.exe
- <SYSTEM32>\taskkill.exe /f /im applicationupdater.exe
- <SYSTEM32>\taskkill.exe /f /im babylontc.exe
- <SYSTEM32>\taskkill.exe /f /im babylonhelper.exe
- <SYSTEM32>\taskkill.exe /f /im babylon.exe
- iexplore.exe
- C:\JRT\services.dat
- C:\JRT\runvalues_x86.cfg
- C:\JRT\runvalues_x64.cfg
- C:\JRT\temp\OS.txt
- C:\JRT\startpage_x86.reg
- C:\JRT\startpage_x64.reg
- C:\JRT\regkey_x86.dat
- C:\JRT\regkey_x64.dat
- C:\JRT\misc.bat
- C:\JRT\runvalues.bat
- C:\JRT\regvalue_x86.dat
- C:\JRT\regvalue_x64.dat
- C:\JRT\temp\architecture.txt
- %WINDIR%\ERUNT\JRT\Users\00000002\UsrClass.dat
- %WINDIR%\ERUNT\JRT\Users\00000001\NTUSER.DAT
- %WINDIR%\ERUNT\JRT\SAM
- %WINDIR%\ERUNT\JRT\ERDNTDOS.LOC
- %WINDIR%\ERUNT\JRT\ERDNTWIN.LOC
- %WINDIR%\ERUNT\JRT\ERDNT.EXE
- %WINDIR%\ERUNT\JRT\ERDNT.CON
- %WINDIR%\ERUNT\JRT\ERDNT.INF
- %WINDIR%\ERUNT\JRT\SECURITY
- %WINDIR%\ERUNT\JRT\default
- %WINDIR%\ERUNT\JRT\system
- %WINDIR%\ERUNT\JRT\software
- C:\JRT\get.bat
- C:\JRT\CLSID.dat
- C:\JRT\badvalues.cfg
- C:\JRT\askservices.dat
- C:\JRT\erunt\ERDNT.E_E
- C:\JRT\clsid_values.bat
- C:\JRT\clsid_keys.bat
- C:\JRT\askregkey_x64.dat
- C:\JRT\askCLSID.dat
- C:\JRT\ask.bat
- C:\JRT\askregvalue_x86.dat
- C:\JRT\askregvalue_x64.dat
- C:\JRT\askregkey_x86.dat
- C:\JRT\erunt\ERDNTDOS.LOC
- C:\JRT\FFregkey_x64.dat
- C:\JRT\FFprefs.dat
- C:\JRT\FFplugins.dat
- C:\JRT\firefox.bat
- C:\JRT\FFXML.dat
- C:\JRT\FFregkey_x86.dat
- C:\JRT\erunt\ERUNT.LOC
- C:\JRT\erunt\ERUNT.EXE
- C:\JRT\erunt\ERDNTWIN.LOC
- C:\JRT\FFextensions.dat
- C:\JRT\ev_clear.bat
- C:\JRT\erunt\README.TXT
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''