Technical Information
Registry autorun entry set (runs at each logon of the current user):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'CFi ShellToys Utility Manager' = '"%PROGRAM_FILES%\CFi\ShellToys\CFiShlMan.exe" -start'
Processes executed (command lines as recorded):
- '%PROGRAM_FILES%\CFi\ShellToys\icnexui.exe' -move
- '%TEMP%\1.tmp\alfarespatch.exe'
- '%TEMP%\1.tmp\alfares.exe' /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
- '%TEMP%\is-4HMOO.tmp\alfares.tmp' /SL5="$300DE,8004689,53248,%TEMP%\1.tmp\alfares.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\CFi\ShellToys\AudioFileConvert.ocx"
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\CFi\ShellToys\shldrop.dll"
- '<SYSTEM32>\taskkill.exe' /F /IM CFiShell.exe
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\CFi\ShellToys\OggDS.dll"
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\CFi\ShellToys\wid3.ocx"
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\CFi\ShellToys\CFiShell.dll"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\alfares.cmd" "
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\CFi\ShellToys\CFiShlJP.dll"
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\CFi\ShellToys\CFiShlRn.dll"
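Files created (the is-*.tmp entries are temporary names; the "from ... to" entries further down give their final names):
- %PROGRAM_FILES%\CFi\ShellToys\is-CJSGC.tmp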
- %PROGRAM_FILES%\CFi\ShellToys\is-PSKBS.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-F4ERB.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-T2954.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-CA449.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-DVDM9.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-8775G.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-REMMT.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-IN8CD.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-8RIQ1.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-CSHIM.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-9MKBU.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-7OTT1.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-TR8K1.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-AAEMA.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-JJ8T2.tmp
- %ALLUSERSPROFILE%\Start Menu\Programs\CFi ShellToys\X-Delete.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\CFi ShellToys\X-Replace.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\CFi ShellToys\Print Folder List.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\CFi ShellToys\Recent Files.lnk
- %PROGRAM_FILES%\CFi\ShellToys\stxp.key
- %PROGRAM_FILES%\CFi\ShellToys\stxp.lic
- %PROGRAM_FILES%\CFi\ShellToys\unins000.dat
- %PROGRAM_FILES%\CFi\ShellToys\CFiShell.exe
- %PROGRAM_FILES%\CFi\ShellToys\is-0N8QD.tmp
- %ALLUSERSPROFILE%\Start Menu\Programs\CFi ShellToys\CFi ShellToys.lnk
- %PROGRAM_FILES%\CFi\ShellToys\is-2U5SH.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-3HGP5.tmp
- %ALLUSERSPROFILE%\Start Menu\Programs\CFi ShellToys\Image Editor.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\CFi ShellToys\Mask By Type.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\CFi ShellToys\CFi ShellToys Help.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\CFi ShellToys\Media Browser.lnk
- %PROGRAM_FILES%\CFi\ShellToys\is-4D9OT.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-EOEUD.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-LUQ05.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-S9358.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-EH49L.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-KO2P6.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-6A5A6.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-VSBMD.tmp
- %TEMP%\1.tmp\alfares.exe
- %TEMP%\is-4HMOO.tmp\alfares.tmp
- %TEMP%\1.tmp\alfares.cmd
- %TEMP%\1.tmp\alfarespatch.exe
- %PROGRAM_FILES%\CFi\ShellToys\is-3FKAL.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-6IL06.tmp
- %TEMP%\is-VT0NP.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-VT0NP.tmp\_isetup\_shfoldr.dll
- %PROGRAM_FILES%\CFi\ShellToys\is-RS9GG.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-5CTGG.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-EFLKK.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-UEO7I.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-NV24R.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-VSPT3.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-9RTGN.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-8QHJ1.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-71UUM.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-BDFPA.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-BDKJ4.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-SBKI0.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-B16TN.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-ITFRG.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-NLS6M.tmp
- %PROGRAM_FILES%\CFi\ShellToys\is-9PRIQ.tmp
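Files deleted (section label lost in extraction and inferred here; these %TEMP% paths repeat entries from the preceding file list):
- %TEMP%\1.tmp\alfarespatch.exe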
- %TEMP%\1.tmp\alfares.exe
- %TEMP%\1.tmp\alfares.cmd
- %TEMP%\is-VT0NP.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-VT0NP.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-4HMOO.tmp\alfares.tmp
Files moved (renamed from temporary name to final name):
- from %PROGRAM_FILES%\CFi\ShellToys\is-AAEMA.tmp to %PROGRAM_FILES%\CFi\ShellToys\alarm.wav
- from %PROGRAM_FILES%\CFi\ShellToys\is-8RIQ1.tmp to %PROGRAM_FILES%\CFi\ShellToys\shlclock.dll
- from %PROGRAM_FILES%\CFi\ShellToys\is-JJ8T2.tmp to %PROGRAM_FILES%\CFi\ShellToys\remind.wav
- from %PROGRAM_FILES%\CFi\ShellToys\is-TR8K1.tmp to %PROGRAM_FILES%\CFi\ShellToys\shldlgs.dll
- from %PROGRAM_FILES%\CFi\ShellToys\is-7OTT1.tmp to %PROGRAM_FILES%\CFi\ShellToys\shlmenu.dll
- from %PROGRAM_FILES%\CFi\ShellToys\is-IN8CD.tmp to %PROGRAM_FILES%\CFi\ShellToys\eject.exe
- from %PROGRAM_FILES%\CFi\ShellToys\is-NV24R.tmp to %PROGRAM_FILES%\CFi\ShellToys\vorbisfile.dll
- from %PROGRAM_FILES%\CFi\ShellToys\is-8QHJ1.tmp to %PROGRAM_FILES%\CFi\ShellToys\vorbis.dll
- from %PROGRAM_FILES%\CFi\ShellToys\is-VSPT3.tmp to %PROGRAM_FILES%\CFi\ShellToys\akrip32.dll
- from %PROGRAM_FILES%\CFi\ShellToys\is-9MKBU.tmp to %PROGRAM_FILES%\CFi\ShellToys\shutdown.exe
- from %PROGRAM_FILES%\CFi\ShellToys\is-CSHIM.tmp to %PROGRAM_FILES%\CFi\ShellToys\stxp.key
- from %PROGRAM_FILES%\CFi\ShellToys\is-DVDM9.tmp to %PROGRAM_FILES%\CFi\ShellToys\shldrop.dll
- from %PROGRAM_FILES%\CFi\ShellToys\is-CA449.tmp to %PROGRAM_FILES%\CFi\ShellToys\studwork.exe
- from %PROGRAM_FILES%\CFi\ShellToys\is-2U5SH.tmp to %PROGRAM_FILES%\CFi\ShellToys\AudioFileConvert.ocx
- from %PROGRAM_FILES%\CFi\ShellToys\is-0N8QD.tmp to %PROGRAM_FILES%\CFi\ShellToys\lame_dshow.ax
- from %PROGRAM_FILES%\CFi\ShellToys\is-3HGP5.tmp to %PROGRAM_FILES%\CFi\ShellToys\OggDS.dll
- from %PROGRAM_FILES%\CFi\ShellToys\is-REMMT.tmp to %PROGRAM_FILES%\CFi\ShellToys\stupdate.exe
- from %PROGRAM_FILES%\CFi\ShellToys\is-T2954.tmp to %PROGRAM_FILES%\CFi\ShellToys\dcstub.exe
- from %PROGRAM_FILES%\CFi\ShellToys\is-F4ERB.tmp to %PROGRAM_FILES%\CFi\ShellToys\cfishlman.exe
- from %PROGRAM_FILES%\CFi\ShellToys\is-CJSGC.tmp to %PROGRAM_FILES%\CFi\ShellToys\stopwtch.exe
- from %PROGRAM_FILES%\CFi\ShellToys\is-8775G.tmp to %PROGRAM_FILES%\CFi\ShellToys\shltask.dll
- from %PROGRAM_FILES%\CFi\ShellToys\is-PSKBS.tmp to %PROGRAM_FILES%\CFi\ShellToys\artsvc.dll
- from %PROGRAM_FILES%\CFi\ShellToys\is-9RTGN.tmp to %PROGRAM_FILES%\CFi\ShellToys\ogg.dll
- from %PROGRAM_FILES%\CFi\ShellToys\is-VSBMD.tmp to %PROGRAM_FILES%\CFi\ShellToys\assembler.exe
- from %PROGRAM_FILES%\CFi\ShellToys\is-6A5A6.tmp to %PROGRAM_FILES%\CFi\ShellToys\xrp.exe
- from %PROGRAM_FILES%\CFi\ShellToys\is-EH49L.tmp to %PROGRAM_FILES%\CFi\ShellToys\CFiShell.exe
- from %PROGRAM_FILES%\CFi\ShellToys\is-BDKJ4.tmp to %PROGRAM_FILES%\CFi\ShellToys\CFiShlRn.dll
- from %PROGRAM_FILES%\CFi\ShellToys\is-KO2P6.tmp to %PROGRAM_FILES%\CFi\ShellToys\CFiShell.dll
- from %PROGRAM_FILES%\CFi\ShellToys\is-EOEUD.tmp to %PROGRAM_FILES%\CFi\ShellToys\xdl.exe
- from %PROGRAM_FILES%\CFi\ShellToys\is-6IL06.tmp to %PROGRAM_FILES%\CFi\ShellToys\mbt.exe
- from %PROGRAM_FILES%\CFi\ShellToys\is-3FKAL.tmp to %PROGRAM_FILES%\CFi\ShellToys\unins000.exe
- from %PROGRAM_FILES%\CFi\ShellToys\is-LUQ05.tmp to %PROGRAM_FILES%\CFi\ShellToys\pfl.exe
- from %PROGRAM_FILES%\CFi\ShellToys\is-4D9OT.tmp to %PROGRAM_FILES%\CFi\ShellToys\iBrowse.exe
- from %PROGRAM_FILES%\CFi\ShellToys\is-S9358.tmp to %PROGRAM_FILES%\CFi\ShellToys\strf.exe
- from %PROGRAM_FILES%\CFi\ShellToys\is-EFLKK.tmp to %PROGRAM_FILES%\CFi\ShellToys\shlkeys.dll
- from %PROGRAM_FILES%\CFi\ShellToys\is-ITFRG.tmp to %PROGRAM_FILES%\CFi\ShellToys\cliphook.exe
- from %PROGRAM_FILES%\CFi\ShellToys\is-UEO7I.tmp to %PROGRAM_FILES%\CFi\ShellToys\ShellToys.chm
- from %PROGRAM_FILES%\CFi\ShellToys\is-5CTGG.tmp to %PROGRAM_FILES%\CFi\ShellToys\wid3.ocx
- from %PROGRAM_FILES%\CFi\ShellToys\is-RS9GG.tmp to %PROGRAM_FILES%\CFi\ShellToys\unrar.dll
- from %PROGRAM_FILES%\CFi\ShellToys\is-B16TN.tmp to %PROGRAM_FILES%\CFi\ShellToys\icnexui.exe
- from %PROGRAM_FILES%\CFi\ShellToys\is-71UUM.tmp to %PROGRAM_FILES%\CFi\ShellToys\CFiShlImg.dll
- from %PROGRAM_FILES%\CFi\ShellToys\is-SBKI0.tmp to %PROGRAM_FILES%\CFi\ShellToys\CFiShlArc.dll
- from %PROGRAM_FILES%\CFi\ShellToys\is-BDFPA.tmp to %PROGRAM_FILES%\CFi\ShellToys\CFiShlIc.dll
- from %PROGRAM_FILES%\CFi\ShellToys\is-9PRIQ.tmp to %PROGRAM_FILES%\CFi\ShellToys\CFiShlJP.dll
- from %PROGRAM_FILES%\CFi\ShellToys\is-NLS6M.tmp to %PROGRAM_FILES%\CFi\ShellToys\CFiDesk.dll
Window lookups by class and window name (section label lost in extraction and inferred here):
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'wndCFiShellHook'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'