Technical Information
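Autorun registry values (HKLM Run key; the data of each value is a program started at every user logon):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'CashBack' = '%PROGRAM_FILES%\CashBack\bin\cashback.exe'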
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'NaviSearch' = '%PROGRAM_FILES%\NaviSearch\bin\nls.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'BullsEye Network' = '%PROGRAM_FILES%\BullsEye Network\bin\bargains.exe'
- %PROGRAM_FILES%\CashBack\bin\cashback.exe
- %WINDIR%\exdl.exe 3~No 2~No 1~No
- %PROGRAM_FILES%\BullsEye Network\bin\bargains.exe
- %PROGRAM_FILES%\NaviSearch\bin\nls.exe
- %WINDIR%\cb8040_MARKETING13.exe
- %WINDIR%\adp8040_MARKETING13.exe
- %PROGRAM_FILES%\Funcade\package_funcade_MARKETING13.exe
- %WINDIR%\nls8039_MARKETING13.exe
- %PROGRAM_FILES%\Funcade\funcade.exe
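regsvr32 command lines (/s = silent mode, no message boxes shown) registering DLLs located in <SYSTEM32>:
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\mscb.dll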
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\nvms.dll
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\msbe.dll
- %PROGRAM_FILES%\CashBack\bb_auto_wider.swf
- %PROGRAM_FILES%\CashBack\bb_welcome.html
- %PROGRAM_FILES%\CashBack\template2.html
- %PROGRAM_FILES%\CashBack\bb_click_wider.swf
- %PROGRAM_FILES%\CashBack\bb_welcome1.swf
- %PROGRAM_FILES%\CashBack\logo.gif
- %PROGRAM_FILES%\CashBack\bin\cashback.exe
- %PROGRAM_FILES%\CashBack\blank.gif
- %PROGRAM_FILES%\CashBack\icon.gif
- %WINDIR%\cb8040_MARKETING13.exe
- %TEMP%\nsaA.tmp
- <SYSTEM32>\nvms.dll
- %PROGRAM_FILES%\NaviSearch\Uninstall.exe
- %PROGRAM_FILES%\CashBack\mscb.dll
- %PROGRAM_FILES%\CashBack\flash.exe
- %PROGRAM_FILES%\CashBack\template.html
- %PROGRAM_FILES%\CashBack\cashback.exe
- %PROGRAM_FILES%\CashBack\cb.exe
- %PROGRAM_FILES%\NaviSearch\t1309778671.dec
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\webservice[1].main
- <SYSTEM32>\mscb.dll
- %PROGRAM_FILES%\CashBack\Uninstall.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\webservice[1].main
- <SYSTEM32>\exdl2.exe
- <SYSTEM32>\exdl1.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\webservice[1].main
- <SYSTEM32>\exdl3.exe
- C:\temp\bb_click_wider.swf
- C:\temp\bb_auto_wider.swf
- %PROGRAM_FILES%\CashBack\bin\cb.exe
- %PROGRAM_FILES%\CashBack\bin\flash.exe
- C:\temp\bb_welcome.html
- C:\temp\icon.gif
- C:\temp\logo.gif
- C:\temp\bb_welcome1.swf
- C:\temp\blank.gif
- <SYSTEM32>\javexulm.vxd
- <SYSTEM32>\bbchk.exe
- <SYSTEM32>\mqexdlm.srg
- <SYSTEM32>\exul.exe
- %HOMEPATH%\Desktop\Funcade.lnk
- %WINDIR%\adp8040_MARKETING13.exe
- %HOMEPATH%\Start Menu\Programs\Funcade\Funcade.lnk
- %WINDIR%\exclean.exe
- <SYSTEM32>\exclean.exe
- %PROGRAM_FILES%\Funcade\package_funcade_MARKETING13.exe
- %PROGRAM_FILES%\Funcade\uninstall.exe
- %TEMP%\nsw2.tmp
- %PROGRAM_FILES%\Funcade\funcade.exe
- %TEMP%\nsc4.tmp
- %WINDIR%\bbchk.exe
- <SYSTEM32>\exdl.exe
- %WINDIR%\exdl.exe
- %WINDIR%\exul.exe
- %WINDIR%\nls8039_MARKETING13.exe
- %TEMP%\nsy8.tmp
- <SYSTEM32>\msbe.dll
- %PROGRAM_FILES%\BullsEye Network\Uninstall.exe
- %PROGRAM_FILES%\NaviSearch\nvms.dll
- %PROGRAM_FILES%\NaviSearch\bin\nls.exe
- %PROGRAM_FILES%\NaviSearch\ad.dat
- %PROGRAM_FILES%\NaviSearch\nls.exe
- %PROGRAM_FILES%\NaviSearch\ad-nls.dat
- %PROGRAM_FILES%\BullsEye Network\bargains.exe
- %PROGRAM_FILES%\BullsEye Network\adv.exe
- %HOMEPATH%\Start Menu\Programs\Funcade\Uninstall.lnk
- %TEMP%\nsc6.tmp
- %PROGRAM_FILES%\BullsEye Network\adx.exe
- %PROGRAM_FILES%\BullsEye Network\bin\adv.exe
- %PROGRAM_FILES%\BullsEye Network\bin\adx.exe
- %PROGRAM_FILES%\BullsEye Network\msbe.dll
- %PROGRAM_FILES%\BullsEye Network\bin\bargains.exe
- %PROGRAM_FILES%\CashBack\flash.exe
- %WINDIR%\cb8040_MARKETING13.exe
- %PROGRAM_FILES%\CashBack\cashback.exe
- %PROGRAM_FILES%\CashBack\cb.exe
- %WINDIR%\exdl.exe
- %WINDIR%\exclean.exe
- %PROGRAM_FILES%\NaviSearch\t1309778671.dec
- %WINDIR%\exul.exe
- %WINDIR%\bbchk.exe
- %PROGRAM_FILES%\CashBack\mscb.dll
- %PROGRAM_FILES%\BullsEye Network\adv.exe
- %PROGRAM_FILES%\BullsEye Network\adx.exe
- %PROGRAM_FILES%\BullsEye Network\msbe.dll
- %PROGRAM_FILES%\BullsEye Network\bargains.exe
- %WINDIR%\adp8040_MARKETING13.exe
- %PROGRAM_FILES%\NaviSearch\ad-nls.dat
- %WINDIR%\nls8039_MARKETING13.exe
- %PROGRAM_FILES%\NaviSearch\nvms.dll
- %PROGRAM_FILES%\NaviSearch\nls.exe
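Network indicators (host and port, request URL, DNS query). The '#' runs appear to be characters masked in the report as published, so match on the bargain-buddy.net domain and the /scripts/adpopper/webservice.main path rather than on an exact hostname:
- 'se######.bargain-buddy.net':80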
- se######.bargain-buddy.net/scripts/adpopper/webservice.main?ve###################################################
- DNS ASK se######.bargain-buddy.net
- ClassName: 'nls_wnd_class' WindowName: 'nls module'
- ClassName: 'cashback_wnd_class' WindowName: 'cashback module'
- ClassName: 'adp_wnd_class' WindowName: 'adp module'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'adp_wnd_class' WindowName: 'adp'