PER UTENTI

Chiudi

La mia libreria
La mia libreria

+ Aggiungi alla libreria

Ricerca
Ricerca

Supporto
Supporto 24/7 | Regole per contattare

Scrivi

Una richiesta attraverso il modulo

Chiama

+7 (495) 789-45-86

Forum

Richieste

Crea nuova richiesta

Chiama

+7 (495) 789-45-86

Profile

IT

RU CN DE EN ES FR IT JP KZ UZ PL BY
Chiudi
Servizi
Scanner
Dr.Web vxCube
Versione di prova
Perizia di incidenti informatici legati ai virus
Libreria dei virus
Base di conoscenza

Tecnologie

Termini

Formazione ed informazione

Falsi miti

Notizie

Trojan.PWS.Siggen2.4078

Aggiunto al database dei virus Dr.Web: 2018-07-19

La descrizione è stata aggiunta:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'firefox' = '"%APPDATA%\FFPortable\update.exe" about:robots'
Modifies file system:
Creates the following files:
  • %TEMP%\is-1C5PK.tmp\<File name>.tmp
  • %APPDATA%\FFPortable\searchplugins\is-8AVKJ.tmp
  • %TEMP%\bye1.tmp\Disk1\setup.ini
  • %TEMP%\bye1.tmp\Disk1\setup.ibt
  • %TEMP%\bye1.tmp\Disk1\setup.exe
  • %TEMP%\bye1.tmp\Disk1\layout.bin
  • %TEMP%\bye1.tmp\Disk1\engine32.cab
  • %TEMP%\bye1.tmp\Disk1\data1.hdr
  • %TEMP%\bye1.tmp\Disk1\setup.inx
  • %TEMP%\bye1.tmp\Disk1\data1.cab
  • %TEMP%\is-H28LR.tmp\rog\unins000.dat
  • %APPDATA%\is-M2H4G.tmp
  • %APPDATA%\FFPortable\uninstall\is-TUKNF.tmp
  • %APPDATA%\FFPortable\searchplugins\is-JQ1C3.tmp
  • %APPDATA%\FFPortable\searchplugins\is-42K1M.tmp
  • %APPDATA%\FFPortable\searchplugins\is-678OR.tmp
  • %APPDATA%\FFPortable\searchplugins\is-2F4FB.tmp
  • %TEMP%\ISPackFiles.ini
  • %APPDATA%\FFPortable\searchplugins\is-T2NBS.tmp
  • %APPDATA%\AMozilla\AFirefox\Crash Reports\InstallTime20100401080539
  • %TEMP%\set3.tmp
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\bookmarks.html
  • %APPDATA%\AMozilla\AFirefox\profiles.ini
  • %TEMP%\skin54ae.rra
  • %TEMP%\ispA.tmp
  • %TEMP%\isp6.tmp\temp.000
  • %TEMP%\_se9.tmp
  • %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\isp7.tmp\temp.000
  • %TEMP%\_isdelet.ini
  • %TEMP%\igd8.tmp
  • %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\895801cce21b135cbf95f16ec8f2c532_23ef5514-3059-436f-a4a7-4cefaab20eb1
  • %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\isp4.tmp\temp.000
  • %TEMP%\set5.tmp
  • %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\2d6fdd68a6aeb0d75e74249ac020c549_23ef5514-3059-436f-a4a7-4cefaab20eb1
  • %APPDATA%\Microsoft\Protect\CREDHIST
  • %APPDATA%\FFPortable\components\xpti.dat.tmp
  • %TEMP%\isp2.tmp\temp.000
  • %TEMP%\bye1.tmp\Disk1\setup.skin
  • %APPDATA%\FFPortable\searchplugins\is-19FDE.tmp
  • %APPDATA%\FFPortable\res\html\is-1R3I9.tmp
  • %APPDATA%\FFPortable\res\fonts\is-B90AL.tmp
  • %APPDATA%\FFPortable\res\is-0HG2L.tmp
  • %APPDATA%\FFPortable\res\is-IH34O.tmp
  • %APPDATA%\FFPortable\res\is-031BD.tmp
  • %APPDATA%\FFPortable\res\is-OEGIP.tmp
  • %APPDATA%\FFPortable\res\is-A9C64.tmp
  • %APPDATA%\FFPortable\res\is-8OORK.tmp
  • %APPDATA%\FFPortable\res\is-PUBRP.tmp
  • %APPDATA%\FFPortable\res\is-S2PQK.tmp
  • %APPDATA%\FFPortable\res\is-7JNSA.tmp
  • %APPDATA%\FFPortable\res\is-GUL9V.tmp
  • %APPDATA%\FFPortable\res\is-C76SC.tmp
  • %APPDATA%\FFPortable\res\is-KIOC6.tmp
  • %APPDATA%\FFPortable\res\is-5QLFJ.tmp
  • %APPDATA%\FFPortable\res\is-3IPMN.tmp
  • %APPDATA%\FFPortable\res\is-OBM2D.tmp
  • %APPDATA%\FFPortable\res\is-JC8JJ.tmp
  • %APPDATA%\FFPortable\res\is-T2NJI.tmp
  • %APPDATA%\FFPortable\res\is-EHK8J.tmp
  • %APPDATA%\FFPortable\res\fonts\is-2IMO0.tmp
  • %APPDATA%\FFPortable\res\is-26V2V.tmp
  • %APPDATA%\FFPortable\res\fonts\is-P8GFD.tmp
  • %APPDATA%\FFPortable\res\entityTables\is-28DAM.tmp
  • %APPDATA%\FFPortable\res\fonts\is-S4GJI.tmp
  • %APPDATA%\FFPortable\res\fonts\is-HMDIN.tmp
  • %APPDATA%\FFPortable\res\fonts\is-B25SQ.tmp
  • %APPDATA%\FFPortable\res\entityTables\is-T2S79.tmp
  • %APPDATA%\FFPortable\res\entityTables\is-6SCQD.tmp
  • %APPDATA%\FFPortable\res\entityTables\is-RGAI9.tmp
  • %APPDATA%\FFPortable\res\entityTables\is-K79UT.tmp
  • %APPDATA%\FFPortable\res\entityTables\is-R4M23.tmp
  • %APPDATA%\FFPortable\res\is-N0I4V.tmp
  • %APPDATA%\FFPortable\res\dtd\is-HBERK.tmp
  • %APPDATA%\FFPortable\res\dtd\is-31CJ0.tmp
  • %APPDATA%\FFPortable\res\is-EQOEG.tmp
  • %APPDATA%\FFPortable\res\is-6N0PS.tmp
  • %APPDATA%\FFPortable\res\is-60G50.tmp
  • %APPDATA%\FFPortable\res\is-A9TA8.tmp
  • %APPDATA%\FFPortable\res\is-7PM83.tmp
  • %APPDATA%\FFPortable\res\is-94S6M.tmp
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\chrome\userChrome-example.css
  • %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\DotC.tmp
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\search.json
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\search.sqlite
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\search.sqlite-journal
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\extensions-1.rdf
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\pluginreg.dat
  • %TEMP%\tFdfxPr20.dll
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\places.sqlite
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\permissions.sqlite-journal
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\places.sqlite-journal
  • %TEMP%\isprf3ad.rra
  • %TEMP%\ispreac3.rra
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\prefs-1.js
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\extensions.rdf
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\extensions-1.ini
  • %TEMP%\ispre219.rra
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\extensions-1.cache
  • %TEMP%\isprfb5d.rra
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\permissions.sqlite
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\formhistory.sqlite-journal
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\cookies.sqlite
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\downloads.sqlite
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\downloads.sqlite-journal
  • <LS_APPDATA>\AMozilla\AFirefox\Profiles\9wyfd3t3.default\urlclassifier3.sqlite
  • <LS_APPDATA>\AMozilla\AFirefox\Profiles\9wyfd3t3.default\urlclassifier3.sqlite-journal
  • <LS_APPDATA>\AMozilla\AFirefox\Profiles\9wyfd3t3.default\Cache\_CACHE_MAP_
  • <LS_APPDATA>\AMozilla\AFirefox\Profiles\9wyfd3t3.default\Cache\_CACHE_003_
  • <LS_APPDATA>\AMozilla\AFirefox\Profiles\9wyfd3t3.default\Cache\_CACHE_002_
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\content-prefs.sqlite-journal
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\formhistory.sqlite
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\cookies.sqlite-journal
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\key3.db
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\cert8.db
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\secmod.db
  • %TEMP%\nso13.tmp\System.dll
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\mimeTypes-1.rdf
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\content-prefs.sqlite
  • <LS_APPDATA>\AMozilla\AFirefox\Profiles\9wyfd3t3.default\Cache\_CACHE_001_
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\_IsRdac6.rra
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\Strid9db.rra
  • %APPDATA%\FFPortable\dictionaries\is-8F6TB.tmp
  • %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\ctoD.tmp
  • %CommonProgramFiles%\InstallShield\Professional\RunTime\Obj11.tmp
  • %CommonProgramFiles%\InstallShield\Professional\RunTime\iKernel.rgs
  • %CommonProgramFiles%\InstallShield\Professional\RunTime\IsProBE.tlb
  • %CommonProgramFiles%\InstallShield\Professional\RunTime\IsP10.tmp
  • %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\iusF.tmp
  • %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\iscE.tmp
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\LICEd4ab.rra
  • <LS_APPDATA>\AMozilla\AFirefox\Profiles\9wyfd3t3.default\XUL.mfl
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\setud45d.rra
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\compreg.dat.tmp
  • <LS_APPDATA>\AMozilla\AFirefox\Profiles\9wyfd3t3.default\XPC.mfl
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\xpti.dat.tmp
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\compatibility.ini
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\prefs.js
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\mimeTypes.rdf
  • %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\iKeB.tmp
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\Setud4ca.rra
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\setud98d.rra
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\chrome\userContent-example.css
  • %TEMP%\d0b4.rra
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\_IsRd94f.rra
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\_IsRd8f1.rra
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\_IsRd8a3.rra
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\defad874.rra
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\isrtd826.rra
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\Strid7d8.rra
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\Strid7a9.rra
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\setud74b.rra
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\_IsRd6af.rra
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\defad680.rra
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\defad661.rra
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\isrtd613.rra
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\isrtd5b5.rra
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\Strid567.rra
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\cored538.rra
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\_ISUd509.rra
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\localstore.rdf
  • %APPDATA%\FFPortable\res\is-613JE.tmp
  • %APPDATA%\FFPortable\res\is-K6ON5.tmp
  • %APPDATA%\FFPortable\res\is-ICV15.tmp
  • %APPDATA%\FFPortable\components\is-TUDH9.tmp
  • %APPDATA%\FFPortable\components\is-OSTRO.tmp
  • %APPDATA%\FFPortable\components\is-9LGT4.tmp
  • %APPDATA%\FFPortable\components\is-3770K.tmp
  • %APPDATA%\FFPortable\components\is-NN38C.tmp
  • %APPDATA%\FFPortable\components\is-G85LJ.tmp
  • %APPDATA%\FFPortable\components\is-KIUP9.tmp
  • %APPDATA%\FFPortable\components\is-1LQJH.tmp
  • %APPDATA%\FFPortable\components\is-UNBGH.tmp
  • %APPDATA%\FFPortable\chrome\is-169I9.tmp
  • %APPDATA%\FFPortable\chrome\is-3RCJ9.tmp
  • %APPDATA%\FFPortable\chrome\is-13V4L.tmp
  • %APPDATA%\FFPortable\chrome\is-4ETN6.tmp
  • %APPDATA%\FFPortable\chrome\is-KOUKU.tmp
  • %APPDATA%\FFPortable\chrome\is-PB1AB.tmp
  • %APPDATA%\FFPortable\chrome\is-T1213.tmp
  • %APPDATA%\FFPortable\chrome\is-OANKI.tmp
  • %APPDATA%\FFPortable\components\is-4QTKA.tmp
  • %APPDATA%\FFPortable\components\is-5M3KD.tmp
  • %APPDATA%\FFPortable\chrome\is-5L0MV.tmp
  • %APPDATA%\FFPortable\components\is-EE12S.tmp
  • %APPDATA%\FFPortable\components\is-0H61U.tmp
  • %APPDATA%\FFPortable\components\is-0UGK6.tmp
  • %APPDATA%\FFPortable\components\is-IG7HA.tmp
  • %APPDATA%\FFPortable\components\is-UNFUP.tmp
  • %APPDATA%\FFPortable\components\is-94R1N.tmp
  • %APPDATA%\FFPortable\components\is-3JEEP.tmp
  • %APPDATA%\FFPortable\components\is-JVVKR.tmp
  • %APPDATA%\FFPortable\components\is-01S8O.tmp
  • %APPDATA%\FFPortable\components\is-D9GF2.tmp
  • %APPDATA%\FFPortable\components\is-6A7SQ.tmp
  • %APPDATA%\FFPortable\components\is-S0GDQ.tmp
  • %APPDATA%\FFPortable\components\is-HESQF.tmp
  • %APPDATA%\FFPortable\components\is-VQO58.tmp
  • %APPDATA%\FFPortable\components\is-DHF2L.tmp
  • %APPDATA%\FFPortable\components\is-SAJ17.tmp
  • %APPDATA%\FFPortable\components\is-VU3EI.tmp
  • %APPDATA%\FFPortable\chrome\is-6SSHO.tmp
  • %APPDATA%\FFPortable\chrome\is-CAKGO.tmp
  • %APPDATA%\FFPortable\is-MT7BH.tmp
  • %APPDATA%\FFPortable\is-P04PE.tmp
  • %APPDATA%\FFPortable\is-4UE6I.tmp
  • %APPDATA%\FFPortable\is-PRPG1.tmp
  • %APPDATA%\FFPortable\is-D5F7P.tmp
  • %APPDATA%\FFPortable\is-1D3UV.tmp
  • %APPDATA%\FFPortable\is-JGIF1.tmp
  • %APPDATA%\FFPortable\is-958G8.tmp
  • %APPDATA%\FFPortable\is-JQV6P.tmp
  • %APPDATA%\FFPortable\is-8QPPP.tmp
  • %APPDATA%\FFPortable\is-4PE1D.tmp
  • %APPDATA%\FFPortable\is-TCKO6.tmp
  • %APPDATA%\FFPortable\is-LA87D.tmp
  • %TEMP%\is-H28LR.tmp\rog\is-4R7O3.tmp
  • %TEMP%\is-H28LR.tmp\_isetup\_isdecmp.dll
  • %APPDATA%\FFPortable\is-ELN85.tmp
  • %APPDATA%\FFPortable\is-2GKUT.tmp
  • %APPDATA%\FFPortable\is-QK05E.tmp
  • %APPDATA%\FFPortable\is-1P932.tmp
  • %APPDATA%\FFPortable\is-UIPQD.tmp
  • %APPDATA%\FFPortable\chrome\is-9N0US.tmp
  • %APPDATA%\FFPortable\is-KQ65C.tmp
  • %APPDATA%\FFPortable\chrome\is-FVGGO.tmp
  • %APPDATA%\FFPortable\is-ABV1V.tmp
  • %APPDATA%\FFPortable\is-MOUQ2.tmp
  • %APPDATA%\FFPortable\is-RU1KU.tmp
  • %APPDATA%\FFPortable\is-3US2I.tmp
  • %APPDATA%\FFPortable\is-8266U.tmp
  • %APPDATA%\FFPortable\is-J4KD8.tmp
  • %APPDATA%\FFPortable\is-VJ4ME.tmp
  • %APPDATA%\FFPortable\chrome\is-05OQQ.tmp
  • %APPDATA%\FFPortable\is-ROSLT.tmp
  • %APPDATA%\FFPortable\is-A625L.tmp
  • %APPDATA%\FFPortable\is-VVL0E.tmp
  • %APPDATA%\FFPortable\is-C4GFL.tmp
  • %APPDATA%\FFPortable\is-GNL95.tmp
  • %APPDATA%\FFPortable\is-5FA8G.tmp
  • %APPDATA%\FFPortable\components\is-8NLGT.tmp
  • %APPDATA%\FFPortable\components\is-GDS8G.tmp
  • %APPDATA%\FFPortable\components\is-VPG65.tmp
  • %APPDATA%\FFPortable\components\is-FF4MK.tmp
  • %APPDATA%\FFPortable\modules\is-5DFDE.tmp
  • %APPDATA%\FFPortable\modules\is-G17AO.tmp
  • %APPDATA%\FFPortable\modules\is-UGA6B.tmp
  • %APPDATA%\FFPortable\modules\is-09FPC.tmp
  • %APPDATA%\FFPortable\modules\is-6KBGK.tmp
  • %APPDATA%\FFPortable\modules\is-TM2RO.tmp
  • %APPDATA%\FFPortable\modules\is-R75L0.tmp
  • %APPDATA%\FFPortable\modules\is-QTR8T.tmp
  • %APPDATA%\FFPortable\modules\is-5TAN5.tmp
  • %APPDATA%\FFPortable\modules\is-2KNG4.tmp
  • %APPDATA%\FFPortable\modules\is-RBDPO.tmp
  • %APPDATA%\FFPortable\modules\is-7TFGJ.tmp
  • %APPDATA%\FFPortable\modules\is-9I2PM.tmp
  • %APPDATA%\FFPortable\greprefs\is-9FAT5.tmp
  • %APPDATA%\FFPortable\greprefs\is-5AN9M.tmp
  • %APPDATA%\FFPortable\greprefs\is-HGSSL.tmp
  • %APPDATA%\FFPortable\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\is-BACCM.tmp
  • %APPDATA%\FFPortable\modules\is-MR1CC.tmp
  • %APPDATA%\FFPortable\modules\is-KE6CD.tmp
  • %APPDATA%\FFPortable\res\is-E49BD.tmp
  • %APPDATA%\FFPortable\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\is-3JGOO.tmp
  • %APPDATA%\FFPortable\components\is-8GOMJ.tmp
  • %APPDATA%\FFPortable\res\is-VLLRT.tmp
  • %APPDATA%\FFPortable\res\is-DIJNR.tmp
  • %APPDATA%\FFPortable\res\is-U2R13.tmp
  • %APPDATA%\FFPortable\res\is-3V08P.tmp
  • %APPDATA%\FFPortable\res\is-44V6C.tmp
  • %APPDATA%\FFPortable\res\is-37RLO.tmp
  • %APPDATA%\FFPortable\res\is-UDV3L.tmp
  • %APPDATA%\FFPortable\res\is-2KD3G.tmp
  • %APPDATA%\FFPortable\res\is-LTED4.tmp
  • %APPDATA%\FFPortable\plugins\is-DPUM3.tmp
  • %APPDATA%\FFPortable\plugins\is-OCIT4.tmp
  • %APPDATA%\FFPortable\modules\is-VTSIP.tmp
  • %APPDATA%\FFPortable\modules\is-OM4EC.tmp
  • %APPDATA%\FFPortable\modules\is-R0EI4.tmp
  • %APPDATA%\FFPortable\modules\is-CG55O.tmp
  • %APPDATA%\FFPortable\modules\is-F1G1T.tmp
  • %APPDATA%\FFPortable\modules\is-4MU5I.tmp
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\Strida0a.rra
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\localstore-1.rdf
  • %APPDATA%\FFPortable\dictionaries\is-K6371.tmp
  • %APPDATA%\FFPortable\components\is-B92P1.tmp
  • %APPDATA%\FFPortable\components\is-UAMCV.tmp
  • %APPDATA%\FFPortable\components\is-U4HVD.tmp
  • %APPDATA%\FFPortable\components\is-2VB8H.tmp
  • %APPDATA%\FFPortable\components\is-JM217.tmp
  • %APPDATA%\FFPortable\components\is-KFP5J.tmp
  • %APPDATA%\FFPortable\components\is-JBU8M.tmp
  • %APPDATA%\FFPortable\components\is-8A8S4.tmp
  • %APPDATA%\FFPortable\components\is-LTQG2.tmp
  • %APPDATA%\FFPortable\components\is-V68FI.tmp
  • %APPDATA%\FFPortable\components\is-EG3P4.tmp
  • %APPDATA%\FFPortable\components\is-HKHL9.tmp
  • %APPDATA%\FFPortable\components\is-GPLPP.tmp
  • %APPDATA%\FFPortable\components\is-QJB24.tmp
  • %APPDATA%\FFPortable\components\is-I2LKK.tmp
  • %APPDATA%\FFPortable\components\is-6O13M.tmp
  • %APPDATA%\FFPortable\components\is-ELK2D.tmp
  • %APPDATA%\FFPortable\components\is-AFNUJ.tmp
  • %APPDATA%\FFPortable\components\is-J4O78.tmp
  • %APPDATA%\FFPortable\defaults\profile\chrome\is-827IK.tmp
  • %APPDATA%\FFPortable\defaults\pref\is-773U5.tmp
  • %APPDATA%\FFPortable\defaults\profile\chrome\is-1U1F6.tmp
  • %APPDATA%\FFPortable\defaults\profile\is-TI66U.tmp
  • %APPDATA%\FFPortable\defaults\profile\is-3AGVU.tmp
  • %APPDATA%\FFPortable\defaults\profile\is-TR990.tmp
  • %APPDATA%\FFPortable\defaults\profile\is-RUFLS.tmp
  • %APPDATA%\FFPortable\defaults\pref\is-SJAHM.tmp
  • %APPDATA%\FFPortable\defaults\pref\is-OC42M.tmp
  • %APPDATA%\FFPortable\defaults\pref\is-2JVVG.tmp
  • %APPDATA%\FFPortable\components\is-KM8KK.tmp
  • %APPDATA%\FFPortable\defaults\pref\is-H1SPQ.tmp
  • %APPDATA%\FFPortable\defaults\autoconfig\is-8P9EH.tmp
  • %APPDATA%\FFPortable\defaults\autoconfig\is-RVBOA.tmp
  • %APPDATA%\FFPortable\components\is-GREDA.tmp
  • %APPDATA%\FFPortable\components\is-520VI.tmp
  • %APPDATA%\FFPortable\components\is-0Q6MM.tmp
  • %APPDATA%\FFPortable\components\is-P8D1O.tmp
  • %APPDATA%\FFPortable\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\is-I20U7.tmp
  • %TEMP%\s4UE40LT.part
Deletes the following files:
  • %TEMP%\is-H28LR.tmp\rog\unins000.dat
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\cookies.sqlite-journal
  • %TEMP%\nso13.tmp\System.dll
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\content-prefs.sqlite-journal
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\formhistory.sqlite-journal
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\search.sqlite-journal
  • <LS_APPDATA>\AMozilla\AFirefox\Profiles\9wyfd3t3.default\XUL.mfl
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\xpti.dat
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\compreg.dat
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\permissions.sqlite-journal
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\_IsRes.dll
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\StringTable-0009-English.ips
  • <LS_APPDATA>\AMozilla\AFirefox\Profiles\9wyfd3t3.default\urlclassifier3.sqlite-journal
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\_IsRes.dll
  • %CommonProgramFiles%\InstallShield\Professional\RunTime\IsP10.tmp
  • %TEMP%\skin54ae.rra
  • %TEMP%\is-1C5PK.tmp\<File name>.tmp
  • %APPDATA%\FFPortable\components\xpti.dat
  • %TEMP%\_se9.tmp
  • %TEMP%\igd8.tmp
  • %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\2d6fdd68a6aeb0d75e74249ac020c549_23ef5514-3059-436f-a4a7-4cefaab20eb1
  • %TEMP%\set5.tmp
  • %TEMP%\set3.tmp
  • %TEMP%\is-H28LR.tmp\_isetup\_isdecmp.dll
  • %TEMP%\is-H28LR.tmp\rog\unins000.exe
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\StringTable-0009-English.ips
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\downloads.sqlite-journal
Moves the following files:
  • from %TEMP%\is-H28LR.tmp\rog\is-4R7O3.tmp to %TEMP%\is-H28LR.tmp\rog\unins000.exe
  • from %APPDATA%\FFPortable\res\is-7PM83.tmp to %APPDATA%\FFPortable\res\language.properties
  • from %APPDATA%\FFPortable\res\is-JC8JJ.tmp to %APPDATA%\FFPortable\res\loading-image.png
  • from %APPDATA%\FFPortable\res\is-OBM2D.tmp to %APPDATA%\FFPortable\res\mathml.css
  • from %APPDATA%\FFPortable\res\is-3IPMN.tmp to %APPDATA%\FFPortable\res\quirk.css
  • from %APPDATA%\FFPortable\res\is-5QLFJ.tmp to %APPDATA%\FFPortable\res\svg.css
  • from %APPDATA%\FFPortable\res\is-KIOC6.tmp to %APPDATA%\FFPortable\res\table-add-column-after-active.gif
  • from %APPDATA%\FFPortable\res\is-C76SC.tmp to %APPDATA%\FFPortable\res\table-add-column-after-hover.gif
  • from %APPDATA%\FFPortable\res\is-T2NJI.tmp to %APPDATA%\FFPortable\res\table-add-column-after.gif
  • from %APPDATA%\FFPortable\res\is-94S6M.tmp to %APPDATA%\FFPortable\res\table-add-column-before-active.gif
  • from %APPDATA%\FFPortable\res\is-0HG2L.tmp to %APPDATA%\FFPortable\res\table-add-column-before-hover.gif
  • from %APPDATA%\FFPortable\res\is-PUBRP.tmp to %APPDATA%\FFPortable\res\table-add-column-before.gif
  • from %APPDATA%\FFPortable\res\is-8OORK.tmp to %APPDATA%\FFPortable\res\table-add-row-after-active.gif
  • from %APPDATA%\FFPortable\modules\is-CG55O.tmp to %APPDATA%\FFPortable\modules\utils.js
  • from %APPDATA%\FFPortable\res\is-A9C64.tmp to %APPDATA%\FFPortable\res\table-add-row-after-hover.gif
  • from %APPDATA%\FFPortable\res\is-031BD.tmp to %APPDATA%\FFPortable\res\table-add-row-before-active.gif
  • from %APPDATA%\FFPortable\res\is-IH34O.tmp to %APPDATA%\FFPortable\res\table-add-row-before-hover.gif
  • from %APPDATA%\FFPortable\res\is-S2PQK.tmp to %APPDATA%\FFPortable\res\table-add-row-before.gif
  • from %APPDATA%\FFPortable\res\is-7JNSA.tmp to %APPDATA%\FFPortable\res\table-remove-column-active.gif
  • from %APPDATA%\FFPortable\res\is-GUL9V.tmp to %APPDATA%\FFPortable\res\table-remove-column-hover.gif
  • from %APPDATA%\FFPortable\res\is-EHK8J.tmp to %APPDATA%\FFPortable\res\table-remove-column.gif
  • from %APPDATA%\FFPortable\res\is-N0I4V.tmp to %APPDATA%\FFPortable\res\table-remove-row-active.gif
  • from %APPDATA%\FFPortable\res\is-26V2V.tmp to %APPDATA%\FFPortable\res\table-remove-row-hover.gif
  • from %APPDATA%\FFPortable\res\is-A9TA8.tmp to %APPDATA%\FFPortable\res\table-remove-row.gif
  • from %APPDATA%\FFPortable\res\is-60G50.tmp to %APPDATA%\FFPortable\res\ua.css
  • from %APPDATA%\FFPortable\res\is-6N0PS.tmp to %APPDATA%\FFPortable\res\viewsource.css
  • from %APPDATA%\FFPortable\res\is-EQOEG.tmp to %APPDATA%\FFPortable\res\wincharset.properties
  • from %APPDATA%\FFPortable\res\is-K6ON5.tmp to %APPDATA%\FFPortable\res\html.css
  • from %APPDATA%\FFPortable\res\is-613JE.tmp to %APPDATA%\FFPortable\res\langGroups.properties
  • from %APPDATA%\FFPortable\res\is-ICV15.tmp to %APPDATA%\FFPortable\res\hiddenWindow.html
  • from %APPDATA%\FFPortable\res\is-E49BD.tmp to %APPDATA%\FFPortable\res\grabber.gif
  • from %APPDATA%\FFPortable\res\is-VLLRT.tmp to %APPDATA%\FFPortable\res\forms.css
  • from %APPDATA%\FFPortable\modules\is-G17AO.tmp to %APPDATA%\FFPortable\modules\DownloadLastDir.jsm
  • from %APPDATA%\FFPortable\modules\is-QTR8T.tmp to %APPDATA%\FFPortable\modules\DownloadUtils.jsm
  • from %APPDATA%\FFPortable\modules\is-R75L0.tmp to %APPDATA%\FFPortable\modules\FileUtils.jsm
  • from %APPDATA%\FFPortable\modules\is-TM2RO.tmp to %APPDATA%\FFPortable\modules\ISO8601DateUtils.jsm
  • from %APPDATA%\FFPortable\modules\is-6KBGK.tmp to %APPDATA%\FFPortable\modules\LightweightThemeConsumer.jsm
  • from %APPDATA%\FFPortable\modules\is-09FPC.tmp to %APPDATA%\FFPortable\modules\LightweightThemeManager.jsm
  • from %APPDATA%\FFPortable\modules\is-UGA6B.tmp to %APPDATA%\FFPortable\modules\Microformats.js
  • from %APPDATA%\FFPortable\modules\is-5DFDE.tmp to %APPDATA%\FFPortable\modules\NetUtil.jsm
  • from %APPDATA%\FFPortable\modules\is-2KNG4.tmp to %APPDATA%\FFPortable\modules\NetworkPrioritizer.jsm
  • from %APPDATA%\FFPortable\modules\is-RBDPO.tmp to %APPDATA%\FFPortable\modules\openLocationLastURL.jsm
  • from %APPDATA%\FFPortable\modules\is-5TAN5.tmp to %APPDATA%\FFPortable\modules\PlacesDBUtils.jsm
  • from %APPDATA%\FFPortable\modules\is-KE6CD.tmp to %APPDATA%\FFPortable\modules\PluralForm.jsm
  • from %APPDATA%\FFPortable\res\dtd\is-31CJ0.tmp to %APPDATA%\FFPortable\res\dtd\mathml.dtd
  • from %APPDATA%\FFPortable\res\is-OEGIP.tmp to %APPDATA%\FFPortable\res\table-add-row-after.gif
  • from %APPDATA%\FFPortable\modules\is-F1G1T.tmp to %APPDATA%\FFPortable\modules\SpatialNavigation.js
  • from %APPDATA%\FFPortable\modules\is-OM4EC.tmp to %APPDATA%\FFPortable\modules\WindowsPreviewPerTab.jsm
  • from %APPDATA%\FFPortable\modules\is-VTSIP.tmp to %APPDATA%\FFPortable\modules\XPCOMUtils.jsm
  • from %APPDATA%\FFPortable\plugins\is-OCIT4.tmp to %APPDATA%\FFPortable\plugins\npbasic.dll
  • from %APPDATA%\FFPortable\plugins\is-DPUM3.tmp to %APPDATA%\FFPortable\plugins\npnul32.dll
  • from %APPDATA%\FFPortable\res\is-LTED4.tmp to %APPDATA%\FFPortable\res\arrow.gif
  • from %APPDATA%\FFPortable\res\is-2KD3G.tmp to %APPDATA%\FFPortable\res\arrowd.gif
  • from %APPDATA%\FFPortable\res\is-UDV3L.tmp to %APPDATA%\FFPortable\res\broken-image.png
  • from %APPDATA%\FFPortable\res\is-37RLO.tmp to %APPDATA%\FFPortable\res\charsetalias.properties
  • from %APPDATA%\FFPortable\res\is-44V6C.tmp to %APPDATA%\FFPortable\res\charsetData.properties
  • from %APPDATA%\FFPortable\res\is-3V08P.tmp to %APPDATA%\FFPortable\res\contenteditable.css
  • from %APPDATA%\FFPortable\res\is-U2R13.tmp to %APPDATA%\FFPortable\res\designmode.css
  • from %APPDATA%\FFPortable\res\is-DIJNR.tmp to %APPDATA%\FFPortable\res\EditorOverride.css
  • from %APPDATA%\FFPortable\modules\is-4MU5I.tmp to %APPDATA%\FFPortable\modules\distribution.js
  • from %APPDATA%\FFPortable\modules\is-R0EI4.tmp to %APPDATA%\FFPortable\modules\WindowDraggingUtils.jsm
  • from %APPDATA%\FFPortable\res\dtd\is-HBERK.tmp to %APPDATA%\FFPortable\res\dtd\xhtml11.dtd
  • from %APPDATA%\FFPortable\res\entityTables\is-R4M23.tmp to %APPDATA%\FFPortable\res\entityTables\html40Latin1.properties
  • from %APPDATA%\FFPortable\res\entityTables\is-28DAM.tmp to %APPDATA%\FFPortable\res\entityTables\html40Special.properties
  • from %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\iusF.tmp to %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
  • from %CommonProgramFiles%\InstallShield\Professional\RunTime\Obj11.tmp to %CommonProgramFiles%\InstallShield\Professional\RunTime\Objectps.dll
  • from %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\setud45d.rra to %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\setup.inx
  • from %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\LICEd4ab.rra to %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\LICENSE.txt
  • from %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\Setud4ca.rra to %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\SetupCfg.exe
  • from %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\_ISUd509.rra to %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\_ISUser.dll
  • from %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\cored538.rra to %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\corecomp.ini
  • from %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\Strid567.rra to %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\StringTable-0009-English.ips
  • from %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\isrtd5b5.rra to %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\isrtd5a5.rra
  • from %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\isrtd613.rra to %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\isrt.dll
  • from %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\defad680.rra to %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\default.pal
  • from %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\_IsRd6af.rra to %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\_IsRes.dll
  • from %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\setud74b.rra to %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\setup.inx
  • from %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\Strid7d8.rra to %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\StringTable-0009-English.ips
  • from %APPDATA%\FFPortable\modules\is-MR1CC.tmp to %APPDATA%\FFPortable\modules\debug.js
  • from %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\isrtd826.rra to %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\isrt.dll
  • from %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\defad874.rra to %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\default.pal
  • from %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\_IsRd8a3.rra to %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\_IsRd893.rra
  • from %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\_IsRd8f1.rra to %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\_IsRes.dll
  • from %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\setud98d.rra to %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\setup.inx
  • from %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\Strida0a.rra to %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\StringTable-0009-English.ips
  • from %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\isrtd5a5.rra to %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\isrt.dll
  • from %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\defad661.rra to %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\default.pal
  • from %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\_IsRdac6.rra to %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\_IsRes.dll
  • from %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\extensions-1.cache to %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\extensions.cache
  • from %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\extensions-1.ini to %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\extensions.ini
  • from %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\prefs-1.js to %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\prefs.js
  • from %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\extensions-1.rdf to %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\extensions.rdf
  • from %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\iscE.tmp to %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
  • from %APPDATA%\FFPortable\searchplugins\is-2F4FB.tmp to %APPDATA%\FFPortable\searchplugins\eBay.xml
  • from %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\ctoD.tmp to %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
  • from %APPDATA%\FFPortable\searchplugins\is-T2NBS.tmp to %APPDATA%\FFPortable\searchplugins\creativecommons.xml
  • from %APPDATA%\FFPortable\res\entityTables\is-K79UT.tmp to %APPDATA%\FFPortable\res\entityTables\html40Symbols.properties
  • from %APPDATA%\FFPortable\res\entityTables\is-RGAI9.tmp to %APPDATA%\FFPortable\res\entityTables\htmlEntityVersions.properties
  • from %APPDATA%\FFPortable\res\entityTables\is-6SCQD.tmp to %APPDATA%\FFPortable\res\entityTables\mathml20.properties
  • from %APPDATA%\FFPortable\res\entityTables\is-T2S79.tmp to %APPDATA%\FFPortable\res\entityTables\transliterate.properties
  • from %APPDATA%\FFPortable\res\fonts\is-B25SQ.tmp to %APPDATA%\FFPortable\res\fonts\mathfont.properties
  • from %APPDATA%\FFPortable\res\fonts\is-HMDIN.tmp to %APPDATA%\FFPortable\res\fonts\mathfontStandardSymbolsL.properties
  • from %APPDATA%\FFPortable\res\fonts\is-S4GJI.tmp to %APPDATA%\FFPortable\res\fonts\mathfontSTIXNonUnicode.properties
  • from %APPDATA%\FFPortable\res\fonts\is-2IMO0.tmp to %APPDATA%\FFPortable\res\fonts\mathfontSTIXSize1.properties
  • from %APPDATA%\FFPortable\res\fonts\is-P8GFD.tmp to %APPDATA%\FFPortable\res\fonts\mathfontSymbol.properties
  • from %APPDATA%\FFPortable\res\fonts\is-B90AL.tmp to %APPDATA%\FFPortable\res\fonts\mathfontUnicode.properties
  • from %APPDATA%\FFPortable\res\html\is-1R3I9.tmp to %APPDATA%\FFPortable\res\html\folder.png
  • from %APPDATA%\FFPortable\searchplugins\is-8AVKJ.tmp to %APPDATA%\FFPortable\searchplugins\amazondotcom.xml
  • from %APPDATA%\FFPortable\searchplugins\is-19FDE.tmp to %APPDATA%\FFPortable\searchplugins\answers.xml
  • from %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\mimeTypes-1.rdf to %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\mimeTypes.rdf
  • from %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\iKeB.tmp to %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
  • from %APPDATA%\FFPortable\searchplugins\is-678OR.tmp to %APPDATA%\FFPortable\searchplugins\google.xml
  • from %APPDATA%\FFPortable\searchplugins\is-42K1M.tmp to %APPDATA%\FFPortable\searchplugins\wikipedia.xml
  • from %APPDATA%\FFPortable\searchplugins\is-JQ1C3.tmp to %APPDATA%\FFPortable\searchplugins\yahoo.xml
  • from %APPDATA%\FFPortable\uninstall\is-TUKNF.tmp to %APPDATA%\FFPortable\uninstall\helper.exe
  • from %APPDATA%\is-M2H4G.tmp to %APPDATA%\pinnacle-setup.exe
  • from %TEMP%\isp2.tmp\temp.000 to %TEMP%\isp2.tmp\setup.dll
  • from %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\isp4.tmp\temp.000 to %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\isp4.tmp\setup.dll
  • from %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\isp4.tmp\setup.dll to %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
  • from %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\isp7.tmp\temp.000 to %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\isp7.tmp\IGdi.dll
  • from %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\isp7.tmp\IGdi.dll to %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
  • from %TEMP%\isp6.tmp\temp.000 to %TEMP%\isp6.tmp\_Setup.dll
  • from %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\xpti.dat.tmp to %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\xpti.dat
  • from %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\compreg.dat.tmp to %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\compreg.dat
  • from %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\DotC.tmp to %CommonProgramFiles%\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
  • from %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\Strid7a9.rra to %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\Strid799.rra
  • from %APPDATA%\FFPortable\modules\is-7TFGJ.tmp to %APPDATA%\FFPortable\modules\ctypes.jsm
  • from %APPDATA%\FFPortable\defaults\pref\is-OC42M.tmp to %APPDATA%\FFPortable\defaults\pref\firefox.js
  • from %APPDATA%\FFPortable\chrome\is-9N0US.tmp to %APPDATA%\FFPortable\chrome\browser.manifest
  • from %APPDATA%\FFPortable\chrome\is-05OQQ.tmp to %APPDATA%\FFPortable\chrome\classic.jar
  • from %APPDATA%\FFPortable\chrome\is-CAKGO.tmp to %APPDATA%\FFPortable\chrome\classic.manifest
  • from %APPDATA%\FFPortable\chrome\is-6SSHO.tmp to %APPDATA%\FFPortable\chrome\comm.jar
  • from %APPDATA%\FFPortable\chrome\is-5L0MV.tmp to %APPDATA%\FFPortable\chrome\comm.manifest
  • from %APPDATA%\FFPortable\chrome\is-169I9.tmp to %APPDATA%\FFPortable\chrome\en-US.jar
  • from %APPDATA%\FFPortable\chrome\is-T1213.tmp to %APPDATA%\FFPortable\chrome\en-US.manifest
  • from %APPDATA%\FFPortable\chrome\is-PB1AB.tmp to %APPDATA%\FFPortable\chrome\pippki.jar
  • from %APPDATA%\FFPortable\chrome\is-KOUKU.tmp to %APPDATA%\FFPortable\chrome\pippki.manifest
  • from %APPDATA%\FFPortable\chrome\is-4ETN6.tmp to %APPDATA%\FFPortable\chrome\reporter.jar
  • from %APPDATA%\FFPortable\chrome\is-13V4L.tmp to %APPDATA%\FFPortable\chrome\reporter.manifest
  • from %APPDATA%\FFPortable\chrome\is-3RCJ9.tmp to %APPDATA%\FFPortable\chrome\toolkit.jar
  • from %APPDATA%\FFPortable\is-JGIF1.tmp to %APPDATA%\FFPortable\nssckbi.dll
  • from %APPDATA%\FFPortable\chrome\is-OANKI.tmp to %APPDATA%\FFPortable\chrome\toolkit.manifest
  • from %APPDATA%\FFPortable\components\is-TUDH9.tmp to %APPDATA%\FFPortable\components\browserdirprovider.dll
  • from %APPDATA%\FFPortable\components\is-KIUP9.tmp to %APPDATA%\FFPortable\components\brwsrcmp.dll
  • from %APPDATA%\FFPortable\components\is-G85LJ.tmp to %APPDATA%\FFPortable\components\components.list
  • from %APPDATA%\FFPortable\components\is-NN38C.tmp to %APPDATA%\FFPortable\components\compreg.dat
  • from %APPDATA%\FFPortable\components\is-3770K.tmp to %APPDATA%\FFPortable\components\FeedConverter.js
  • from %APPDATA%\FFPortable\components\is-9LGT4.tmp to %APPDATA%\FFPortable\components\FeedProcessor.js
  • from %APPDATA%\FFPortable\components\is-OSTRO.tmp to %APPDATA%\FFPortable\components\FeedWriter.js
  • from %APPDATA%\FFPortable\components\is-VPG65.tmp to %APPDATA%\FFPortable\components\fuelApplication.js
  • from %APPDATA%\FFPortable\components\is-UNBGH.tmp to %APPDATA%\FFPortable\components\GPSDGeolocationProvider.js
  • from %APPDATA%\FFPortable\components\is-1LQJH.tmp to %APPDATA%\FFPortable\components\jsconsole-clhandler.js
  • from %APPDATA%\FFPortable\components\is-3JEEP.tmp to %APPDATA%\FFPortable\components\NetworkGeolocationProvider.js
  • from %APPDATA%\FFPortable\components\is-5M3KD.tmp to %APPDATA%\FFPortable\components\nsAddonRepository.js
  • from %APPDATA%\FFPortable\is-ABV1V.tmp to %APPDATA%\FFPortable\xul.dll
  • from %APPDATA%\FFPortable\chrome\is-FVGGO.tmp to %APPDATA%\FFPortable\chrome\browser.jar
  • from %APPDATA%\FFPortable\is-MOUQ2.tmp to %APPDATA%\FFPortable\xpcom.dll
  • from %APPDATA%\FFPortable\is-RU1KU.tmp to %APPDATA%\FFPortable\updater.ini
  • from %APPDATA%\FFPortable\is-3US2I.tmp to %APPDATA%\FFPortable\update.locale
  • from %APPDATA%\FFPortable\is-TCKO6.tmp to %APPDATA%\FFPortable\application.ini
  • from %APPDATA%\FFPortable\is-4PE1D.tmp to %APPDATA%\FFPortable\blocklist.xml
  • from %APPDATA%\FFPortable\is-8QPPP.tmp to %APPDATA%\FFPortable\browserconfig.properties
  • from %APPDATA%\FFPortable\is-JQV6P.tmp to %APPDATA%\FFPortable\crashreporter-override.ini
  • from %APPDATA%\FFPortable\is-ELN85.tmp to %APPDATA%\FFPortable\crashreporter.exe
  • from %APPDATA%\FFPortable\is-958G8.tmp to %APPDATA%\FFPortable\crashreporter.ini
  • from %APPDATA%\FFPortable\is-1D3UV.tmp to %APPDATA%\FFPortable\freebl3.chk
  • from %APPDATA%\FFPortable\is-D5F7P.tmp to %APPDATA%\FFPortable\freebl3.dll
  • from %APPDATA%\FFPortable\is-PRPG1.tmp to %APPDATA%\FFPortable\js3250.dll
  • from %APPDATA%\FFPortable\is-4UE6I.tmp to %APPDATA%\FFPortable\LICENSE
  • from %APPDATA%\FFPortable\is-P04PE.tmp to %APPDATA%\FFPortable\mozcrt19.dll
  • from %APPDATA%\FFPortable\is-1P932.tmp to %APPDATA%\FFPortable\nspr4.dll
  • from %APPDATA%\FFPortable\components\is-DHF2L.tmp to %APPDATA%\FFPortable\components\nsBadCertHandler.js
  • from %APPDATA%\FFPortable\components\is-4QTKA.tmp to %APPDATA%\FFPortable\components\browser.xpt
  • from %APPDATA%\FFPortable\is-MT7BH.tmp to %APPDATA%\FFPortable\nss3.dll
  • from %APPDATA%\FFPortable\is-QK05E.tmp to %APPDATA%\FFPortable\nssdbm3.dll
  • from %APPDATA%\FFPortable\is-UIPQD.tmp to %APPDATA%\FFPortable\nssutil3.dll
  • from %APPDATA%\FFPortable\is-5FA8G.tmp to %APPDATA%\FFPortable\platform.ini
  • from %APPDATA%\FFPortable\is-GNL95.tmp to %APPDATA%\FFPortable\plc4.dll
  • from %APPDATA%\FFPortable\is-C4GFL.tmp to %APPDATA%\FFPortable\plds4.dll
  • from %APPDATA%\FFPortable\is-VVL0E.tmp to %APPDATA%\FFPortable\README.txt
  • from %APPDATA%\FFPortable\is-A625L.tmp to %APPDATA%\FFPortable\smime3.dll
  • from %APPDATA%\FFPortable\is-ROSLT.tmp to %APPDATA%\FFPortable\softokn3.chk
  • from %APPDATA%\FFPortable\is-VJ4ME.tmp to %APPDATA%\FFPortable\softokn3.dll
  • from %APPDATA%\FFPortable\is-KQ65C.tmp to %APPDATA%\FFPortable\sqlite3.dll
  • from %APPDATA%\FFPortable\is-J4KD8.tmp to %APPDATA%\FFPortable\ssl3.dll
  • from %APPDATA%\FFPortable\is-8266U.tmp to %APPDATA%\FFPortable\update.exe
  • from %APPDATA%\FFPortable\is-LA87D.tmp to %APPDATA%\FFPortable\AccessibleMarshal.dll
  • from %APPDATA%\FFPortable\is-2GKUT.tmp to %APPDATA%\FFPortable\nssdbm3.chk
  • from %APPDATA%\FFPortable\components\is-VQO58.tmp to %APPDATA%\FFPortable\components\nsBlocklistService.js
  • from %APPDATA%\FFPortable\components\is-HESQF.tmp to %APPDATA%\FFPortable\components\nsBrowserContentHandler.js
  • from %APPDATA%\FFPortable\components\is-S0GDQ.tmp to %APPDATA%\FFPortable\components\nsBrowserGlue.js
  • from %APPDATA%\FFPortable\components\is-JBU8M.tmp to %APPDATA%\FFPortable\components\nsURLFormatter.js
  • from %APPDATA%\FFPortable\components\is-ELK2D.tmp to %APPDATA%\FFPortable\components\nsWebHandlerApp.js
  • from %APPDATA%\FFPortable\components\is-J4O78.tmp to %APPDATA%\FFPortable\components\pluginGlue.js
  • from %APPDATA%\FFPortable\components\is-KM8KK.tmp to %APPDATA%\FFPortable\components\storage-Legacy.js
  • from %APPDATA%\FFPortable\components\is-P8D1O.tmp to %APPDATA%\FFPortable\components\storage-mozStorage.js
  • from %APPDATA%\FFPortable\components\is-0Q6MM.tmp to %APPDATA%\FFPortable\components\txEXSLTRegExFunctions.js
  • from %APPDATA%\FFPortable\components\is-520VI.tmp to %APPDATA%\FFPortable\components\WebContentConverter.js
  • from %APPDATA%\FFPortable\components\is-GREDA.tmp to %APPDATA%\FFPortable\components\xpti.dat
  • from %APPDATA%\FFPortable\defaults\autoconfig\is-RVBOA.tmp to %APPDATA%\FFPortable\defaults\autoconfig\platform.js
  • from %APPDATA%\FFPortable\defaults\autoconfig\is-8P9EH.tmp to %APPDATA%\FFPortable\defaults\autoconfig\prefcalls.js
  • from %APPDATA%\FFPortable\defaults\pref\is-H1SPQ.tmp to %APPDATA%\FFPortable\defaults\pref\channel-prefs.js
  • from %APPDATA%\FFPortable\defaults\pref\is-2JVVG.tmp to %APPDATA%\FFPortable\defaults\pref\firefox-branding.js
  • from %APPDATA%\FFPortable\defaults\pref\is-773U5.tmp to %APPDATA%\FFPortable\defaults\pref\firefox-l10n.js
  • from %APPDATA%\FFPortable\defaults\pref\is-SJAHM.tmp to %APPDATA%\FFPortable\defaults\pref\reporter.js
  • from %APPDATA%\FFPortable\modules\is-9I2PM.tmp to %APPDATA%\FFPortable\modules\CertUtils.jsm
  • from %APPDATA%\FFPortable\defaults\profile\is-RUFLS.tmp to %APPDATA%\FFPortable\defaults\profile\bookmarks.html
  • from %APPDATA%\FFPortable\defaults\profile\is-TR990.tmp to %APPDATA%\FFPortable\defaults\profile\localstore.rdf
  • from %APPDATA%\FFPortable\defaults\profile\is-3AGVU.tmp to %APPDATA%\FFPortable\defaults\profile\mimeTypes.rdf
  • from %APPDATA%\FFPortable\defaults\profile\is-TI66U.tmp to %APPDATA%\FFPortable\defaults\profile\prefs.js
  • from %APPDATA%\FFPortable\defaults\profile\chrome\is-1U1F6.tmp to %APPDATA%\FFPortable\defaults\profile\chrome\userChrome-example.css
  • from %APPDATA%\FFPortable\defaults\profile\chrome\is-827IK.tmp to %APPDATA%\FFPortable\defaults\profile\chrome\userContent-example.css
  • from %APPDATA%\FFPortable\dictionaries\is-K6371.tmp to %APPDATA%\FFPortable\dictionaries\en-US.aff
  • from %APPDATA%\FFPortable\dictionaries\is-8F6TB.tmp to %APPDATA%\FFPortable\dictionaries\en-US.dic
  • from %APPDATA%\FFPortable\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\is-I20U7.tmp to %APPDATA%\FFPortable\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\icon.png
  • from %APPDATA%\FFPortable\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\is-3JGOO.tmp to %APPDATA%\FFPortable\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf
  • from %APPDATA%\FFPortable\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\is-BACCM.tmp to %APPDATA%\FFPortable\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\preview.png
  • from %APPDATA%\FFPortable\greprefs\is-HGSSL.tmp to %APPDATA%\FFPortable\greprefs\all.js
  • from %APPDATA%\FFPortable\greprefs\is-5AN9M.tmp to %APPDATA%\FFPortable\greprefs\security-prefs.js
  • from %APPDATA%\FFPortable\components\is-AFNUJ.tmp to %APPDATA%\FFPortable\components\nsUrlClassifierListManager.js
  • from %APPDATA%\FFPortable\components\is-FF4MK.tmp to %APPDATA%\FFPortable\components\nsPlacesDBFlush.js
  • from %APPDATA%\FFPortable\components\is-B92P1.tmp to %APPDATA%\FFPortable\components\nsUrlClassifierLib.js
  • from %APPDATA%\FFPortable\components\is-GDS8G.tmp to %APPDATA%\FFPortable\components\nsPlacesAutoComplete.js
  • from %APPDATA%\FFPortable\components\is-6A7SQ.tmp to %APPDATA%\FFPortable\components\nsContentDispatchChooser.js
  • from %APPDATA%\FFPortable\components\is-D9GF2.tmp to %APPDATA%\FFPortable\components\nsContentPrefService.js
  • from %APPDATA%\FFPortable\components\is-VU3EI.tmp to %APPDATA%\FFPortable\components\nsDefaultCLH.js
  • from %APPDATA%\FFPortable\components\is-SAJ17.tmp to %APPDATA%\FFPortable\components\nsDownloadManagerUI.js
  • from %APPDATA%\FFPortable\components\is-01S8O.tmp to %APPDATA%\FFPortable\components\nsExtensionManager.js
  • from %APPDATA%\FFPortable\components\is-94R1N.tmp to %APPDATA%\FFPortable\components\nsFormAutoComplete.js
  • from %APPDATA%\FFPortable\components\is-UNFUP.tmp to %APPDATA%\FFPortable\components\nsHandlerService.js
  • from %APPDATA%\FFPortable\components\is-IG7HA.tmp to %APPDATA%\FFPortable\components\nsHelperAppDlg.js
  • from %APPDATA%\FFPortable\components\is-0UGK6.tmp to %APPDATA%\FFPortable\components\nsLivemarkService.js
  • from %APPDATA%\FFPortable\components\is-0H61U.tmp to %APPDATA%\FFPortable\components\nsLoginInfo.js
  • from %APPDATA%\FFPortable\components\is-EE12S.tmp to %APPDATA%\FFPortable\components\nsLoginManager.js
  • from %APPDATA%\FFPortable\components\is-JVVKR.tmp to %APPDATA%\FFPortable\components\nsLoginManagerPrompter.js
  • from %APPDATA%\FFPortable\components\is-8NLGT.tmp to %APPDATA%\FFPortable\components\nsMicrosummaryService.js
  • from %APPDATA%\FFPortable\greprefs\is-9FAT5.tmp to %APPDATA%\FFPortable\greprefs\xpinstall.js
  • from %APPDATA%\FFPortable\components\is-U4HVD.tmp to %APPDATA%\FFPortable\components\nsUpdateServiceStub.js
  • from %APPDATA%\FFPortable\components\is-8GOMJ.tmp to %APPDATA%\FFPortable\components\nsPlacesTransactionsService.js
  • from %APPDATA%\FFPortable\components\is-I2LKK.tmp to %APPDATA%\FFPortable\components\nsPrivateBrowsingService.js
  • from %APPDATA%\FFPortable\components\is-QJB24.tmp to %APPDATA%\FFPortable\components\nsProxyAutoConfig.js
  • from %APPDATA%\FFPortable\components\is-GPLPP.tmp to %APPDATA%\FFPortable\components\nsSafebrowsingApplication.js
  • from %APPDATA%\FFPortable\components\is-HKHL9.tmp to %APPDATA%\FFPortable\components\nsSearchService.js
  • from %APPDATA%\FFPortable\components\is-EG3P4.tmp to %APPDATA%\FFPortable\components\nsSearchSuggestions.js
  • from %APPDATA%\FFPortable\components\is-V68FI.tmp to %APPDATA%\FFPortable\components\nsSessionStartup.js
  • from %APPDATA%\FFPortable\components\is-LTQG2.tmp to %APPDATA%\FFPortable\components\nsSessionStore.js
  • from %APPDATA%\FFPortable\components\is-6O13M.tmp to %APPDATA%\FFPortable\components\nsSetDefaultBrowser.js
  • from %APPDATA%\FFPortable\components\is-8A8S4.tmp to %APPDATA%\FFPortable\components\nsSidebar.js
  • from %APPDATA%\FFPortable\components\is-KFP5J.tmp to %APPDATA%\FFPortable\components\nsTaggingService.js
  • from %APPDATA%\FFPortable\components\is-JM217.tmp to %APPDATA%\FFPortable\components\nsTryToClose.js
  • from %APPDATA%\FFPortable\components\is-2VB8H.tmp to %APPDATA%\FFPortable\components\nsUpdateService.js
  • from %APPDATA%\FFPortable\components\is-UAMCV.tmp to %APPDATA%\FFPortable\components\nsUpdateTimerManager.js
  • from %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\localstore-1.rdf to %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\localstore.rdf
Substitutes the following files:
  • %APPDATA%\FFPortable\components\xpti.dat
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\cookies.sqlite-journal
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\mimeTypes.rdf
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\mimeTypes-1.rdf
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\content-prefs.sqlite-journal
  • <LS_APPDATA>\AMozilla\AFirefox\Profiles\9wyfd3t3.default\XUL.mfl
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\extensions-1.ini
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\extensions-1.cache
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\prefs-1.js
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\compreg.dat
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\compreg.dat.tmp
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\xpti.dat
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\xpti.dat.tmp
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\permissions.sqlite-journal
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\_IsRes.dll
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{565cffc3-824f-4e4a-980f-a36fe5199fe7}\StringTable-0009-English.ips
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\_IsRes.dll
  • %TEMP%\{611F2D3F-926C-4EAA-AFF8-FB9EEF0D3BBB}\{276a4a32-a727-4c52-827f-f90deceb5a93}\StringTable-0009-English.ips
  • <LS_APPDATA>\AMozilla\AFirefox\Profiles\9wyfd3t3.default\urlclassifier3.sqlite-journal
  • %APPDATA%\AMozilla\AFirefox\Profiles\9wyfd3t3.default\downloads.sqlite-journal
Network activity:
Connects to:
  • 'localhost':1037
  • 'localhost':1039
  • 'localhost':1041
  • '74.##5.232.51':443
  • 'fx####s.mozilla.com':80
  • 'as##j.com':80
  • 'mi###extube.net':80
TCP:
HTTP GET requests:
  • http://fx####s.mozilla.com/en-US/firefox/headlines.xml
  • http://www.as##j.com/ via as##j.com
  • http://mi###extube.net/
UDP:
  • DNS ASK sb-ssl.google.com
  • DNS ASK fx####s.mozilla.com
  • DNS ASK www.as##j.com
  • DNS ASK mi###extube.net
Miscellaneous:
Searches for the following windows:
  • ClassName: 'AFirefoxMessageWindow' WindowName: ''
Creates and executes the following:
  • '%TEMP%\is-1C5PK.tmp\<File name>.tmp' /SL5="$30092,23048672,57856,<Full path to file>"
  • '%APPDATA%\pinnacle-setup.exe'
  • '%APPDATA%\FFPortable\update.exe' about:robots
  • '%APPDATA%\pinnacle-setup.exe' -deleter
  • '%APPDATA%\FFPortable\uninstall\helper.exe' /SetAsDefaultAppUser

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play