Ad-Aware SE Build 1.05
Logfile Created on:Friday, November 26, 2004 1:40:49 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R20 25.11.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:8):2 total references
BargainBuddy(TAC index:8):152 total references
BlazeFind(TAC index:5):32 total references
BookedSpace(TAC index:10):28 total references
MRU List(TAC index:0):24 total references
Other(TAC index:5):10 total references
Possible Browser Hijack attempt(TAC index:3):14 total references
Tracking Cookie(TAC index:3):2 total references
WhenU(TAC index:10):2 total references
WinAD(TAC index:7):1 total references
WindUpdates(TAC index:8):7 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

11-26-2004 1:40:49 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : S-1-5-21-796845957-764733703-854245398-1003\software\nico mak computing\winzip\filemenu Description : winzip recently used archives MRU List Object Recognized! Location: : S-1-5-21-796845957-764733703-854245398-1003\software\adobe\photoshop\7.0\visiteddirs Description : adobe photoshop 7 recent work folders MRU List Object Recognized! Location: : S-1-5-21-796845957-764733703-854245398-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list Description : list of recent files opened using wordpad MRU List Object Recognized! Location: : S-1-5-21-796845957-764733703-854245398-1003\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-796845957-764733703-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-796845957-764733703-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-796845957-764733703-854245398-1003\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-796845957-764733703-854245398-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru Description : list of recent documents opened by microsoft word MRU List Object Recognized! Location: : S-1-5-21-796845957-764733703-854245398-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru Description : list of recent documents saved by microsoft word MRU List Object Recognized! 
Location: : S-1-5-21-796845957-764733703-854245398-1003\software\microsoft\mediaplayer\player\recentfilelist Description : list of recently used files in microsoft windows media player MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-796845957-764733703-854245398-1003\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-796845957-764733703-854245398-1003\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-796845957-764733703-854245398-1003\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : S-1-5-21-796845957-764733703-854245398-1003\software\microsoft\mediaplayer\preferences Description : last playlist index loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-796845957-764733703-854245398-1003\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-796845957-764733703-854245398-1003\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! 
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-796845957-764733703-854245398-1003\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : C:\Documents and Settings\Miskovic\Application Data\microsoft\office\recent Description : list of recently opened documents using microsoft office MRU List Object Recognized! Location: : C:\Documents and Settings\Miskovic\recent Description : list of recently opened documents Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 392 ThreadCreationTime : 11-25-2004 8:58:40 PM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 448 ThreadCreationTime : 11-25-2004 8:58:42 PM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 480 ThreadCreationTime : 11-25-2004 8:58:43 PM BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 524 ThreadCreationTime : 11-25-2004 8:58:44 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 536 ThreadCreationTime : 11-25-2004 8:58:44 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 692 ThreadCreationTime : 11-25-2004 8:58:49 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 756 ThreadCreationTime : 11-25-2004 8:58:49 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 792 ThreadCreationTime : 11-25-2004 8:58:49 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 840 ThreadCreationTime : 11-25-2004 8:58:50 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 932 ThreadCreationTime : 11-25-2004 8:58:51 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1148 ThreadCreationTime : 11-25-2004 8:58:53 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:12 [frameworkservice.exe] FilePath : C:\Program Files\Network Associates\Common Framework\ ProcessID : 1276 ThreadCreationTime : 11-25-2004 8:58:56 PM BasePriority : Normal FileVersion : 3.0.0.595 ProductName : McAfee Common Framework CompanyName : Network Associates, Inc. FileDescription : Framework Service InternalName : Framework LegalCopyright : Copyright© 2000-2002 Networks Associates Technology, Inc. All Rights Reserved. 
OriginalFilename : Framework.exe #:13 [mcshield.exe] FilePath : C:\Program Files\Network Associates\VirusScan\ ProcessID : 1328 ThreadCreationTime : 11-25-2004 8:58:56 PM BasePriority : High #:14 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 1336 ThreadCreationTime : 11-25-2004 8:58:56 PM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE Warning! BlazeFind Object found in memory(C:\WINDOWS\2_0_1browserhelper2.dll) BlazeFind Object Recognized! Type : Process Data : 2_0_1browserhelper2.dll Category : Malware Comment : Object : C:\WINDOWS\ #:15 [vstskmgr.exe] FilePath : C:\Program Files\Network Associates\VirusScan\ ProcessID : 1360 ThreadCreationTime : 11-25-2004 8:58:56 PM BasePriority : Normal #:16 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1528 ThreadCreationTime : 11-25-2004 8:58:57 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:17 [naprdmgr.exe] FilePath : C:\PROGRA~1\NETWOR~1\COMMON~1\ ProcessID : 1704 ThreadCreationTime : 11-25-2004 8:58:59 PM BasePriority : Normal FileVersion : 3.0.0.595 ProductName : McAfee Common Framework CompanyName : Network Associates, Inc. FileDescription : NAI Product Manager InternalName : Product Manager LegalCopyright : Copyright© 2000-2002 Networks Associates Technology, Inc. All Rights Reserved. 
OriginalFilename : naPrdMgr.exe #:18 [shstat.exe] FilePath : C:\Program Files\Network Associates\VirusScan\ ProcessID : 1940 ThreadCreationTime : 11-25-2004 8:59:05 PM BasePriority : Normal #:19 [updaterui.exe] FilePath : C:\Program Files\Network Associates\Common Framework\ ProcessID : 1948 ThreadCreationTime : 11-25-2004 8:59:05 PM BasePriority : Normal FileVersion : 3.0.0.595 ProductName : McAfee Common Framework CompanyName : Network Associates, Inc. FileDescription : Common User Interface InternalName : UpdaterUI LegalCopyright : Copyright© 2000-2002 Networks Associates Technology, Inc. All Rights Reserved. OriginalFilename : UpdaterUI.exe #:20 [ftctrl32.exe] FilePath : C:\PROGRAM FILES\FAXTALK COMMUNICATOR\ ProcessID : 1968 ThreadCreationTime : 11-25-2004 8:59:05 PM BasePriority : Normal FileVersion : 4.5.5.1050 ProductVersion : 4.5.5 ProductName : FaxTalk(r) CompanyName : Thought Communications, Inc. FileDescription : CallControl Application InternalName : FTCTRL32.EXE LegalCopyright : Copyright(c) Thought Communications, Inc. 1992-2002 LegalTrademarks : FaxTalk(r) is a registered trademark of Thought Communications, Inc. OriginalFilename : FTCTRL32.EXE #:21 [winadctl.exe] FilePath : C:\Program Files\Windows AdControl\ ProcessID : 1996 ThreadCreationTime : 11-25-2004 8:59:06 PM BasePriority : Normal Warning! WindUpdates Object found in memory(C:\Program Files\Windows AdControl\WinAdCtl.exe) WindUpdates Object Recognized! 
Type : Process Data : WinAdCtl.exe Category : Data Miner Comment : Object : C:\Program Files\Windows AdControl\ "C:\Program Files\Windows AdControl\WinAdCtl.exe"Process terminated successfully "C:\Program Files\Windows AdControl\WinAdCtl.exe"Process terminated successfully #:22 [nls.exe] FilePath : C:\Program Files\NaviSearch\bin\ ProcessID : 2036 ThreadCreationTime : 11-25-2004 8:59:06 PM BasePriority : Normal FileVersion : 1, 0, 0, 5 ProductVersion : 1, 0, 0, 5 ProductName : NAVISearch Module CompanyName : eXact Advertising FileDescription : NLS Module InternalName : NLS LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : nls.exe #:23 [ctfmon.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 176 ThreadCreationTime : 11-25-2004 8:59:07 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : CTFMON.EXE #:24 [winadalt.exe] FilePath : C:\Program Files\Windows AdControl\ ProcessID : 208 ThreadCreationTime : 11-25-2004 8:59:07 PM BasePriority : Normal WindUpdates Object Recognized! Type : Process Data : WinAdAlt.exe Category : Data Miner Comment : (CSI MATCH) Object : C:\Program Files\Windows AdControl\ Warning! 
WindUpdates Object found in memory(C:\Program Files\Windows AdControl\WinAdAlt.exe) "C:\Program Files\Windows AdControl\WinAdAlt.exe"Process terminated successfully "C:\Program Files\Windows AdControl\WinAdAlt.exe"Process terminated successfully #:25 [watch.exe] FilePath : C:\WINDOWS\twain_32\S6U12BX\ ProcessID : 260 ThreadCreationTime : 11-25-2004 8:59:07 PM BasePriority : Normal FileVersion : 2, 3, 5, 0 ProductVersion : 2, 3, 5, 0 ProductName : Watch Dog CompanyName : Common Group FileDescription : Watch Dog InternalName : Nora LegalCopyright : Copyright (C) 1998 OriginalFilename : WATCH.EXE #:26 [remind32.exe] FilePath : C:\Program Files\Corel\Graphics9\Register\ ProcessID : 364 ThreadCreationTime : 11-25-2004 8:59:08 PM BasePriority : Normal FileVersion : 2,5,1,0 ProductVersion : 2,5,1,0 ProductName : Intelliquest Reminder Application CompanyName : IntelliQuest Communications, Inc. FileDescription : Remind32.exe InternalName : Remind32.exe LegalCopyright : © IntelliQuest Communications, Inc. 1993-1998 OriginalFilename : Remind32.exe #:27 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1392 ThreadCreationTime : 11-25-2004 8:59:12 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : ALG.exe #:28 [mozilla.exe] FilePath : C:\PROGRA~1\MOZILLA.ORG\MOZILLA\ ProcessID : 228 ThreadCreationTime : 11-25-2004 10:27:24 PM BasePriority : Normal #:29 [bargains.exe] FilePath : C:\Program Files\BullsEye Network\bin\ ProcessID : 2516 ThreadCreationTime : 11-25-2004 10:45:07 PM BasePriority : Normal FileVersion : 2, 0, 0, 2 ProductVersion : 2, 0, 0, 2 ProductName : BargainsBuddy ADP Module CompanyName : eXact Advertising FileDescription : bargains InternalName : ADP LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : bargains.exe #:30 [icq.exe] FilePath : C:\Program Files\ICQ\ ProcessID : 3284 ThreadCreationTime : 11-25-2004 11:05:22 PM BasePriority : Normal FileVersion : 5,5,6,3916 ProductVersion : 2003b ProductName : ICQ CompanyName : ICQ Inc. FileDescription : ICQ InternalName : ICQ LegalCopyright : Copyright © 1996 - 2001 ICQ Inc. All Rights Reserved. OriginalFilename : ICQ.exe Comments : ICQ V2003b #:31 [winamp.exe] FilePath : C:\Program Files\Winamp\ ProcessID : 1676 ThreadCreationTime : 11-26-2004 12:27:15 AM BasePriority : Normal FileVersion : 5.05 ProductVersion : 5.05 ProductName : Winamp CompanyName : Nullsoft FileDescription : Winamp InternalName : WINAMP LegalCopyright : Copyright © 1997-2004, Nullsoft, Inc. LegalTrademarks : Nullsoft and Winamp are trademarks of Nullsoft, Inc. OriginalFilename : Winamp.exe Comments : Visit http://www.winamp.com/ for updates. 
#:32 [nsl.exe] FilePath : C:\Program Files\AnalogX\NetStat Live\ ProcessID : 2488 ThreadCreationTime : 11-26-2004 12:36:15 AM BasePriority : Normal #:33 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 1732 ThreadCreationTime : 11-26-2004 12:40:31 AM BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 2 Objects found so far: 27 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516c2e3} BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e1357} BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e1357} Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed11357} BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed11357} Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\helpdir BargainBuddy Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\helpdir Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\flags BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\flags Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\0 BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0 BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0 Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3} BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516a2a3} BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : nls.urlcatcher.1 BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : nls.urlcatcher.1 Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : nls.urlcatcher BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : nls.urlcatcher Value : BargainBuddy Object Recognized! 
Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678} BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678} Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed14177} BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed14177} Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678} BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678} Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da} BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da} Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1} BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1} Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344} BargainBuddy Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344} Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : apuc.urlcatcher.1 BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : apuc.urlcatcher.1 Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : apuc.urlcatcher BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : apuc.urlcatcher Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : adp.urlcatcher.1 BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : adp.urlcatcher.1 Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : adp.urlcatcher BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : adp.urlcatcher Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : MainDir BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : Binary BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : ConfigUpdateQueryUrl BargainBuddy Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : ADDataUpdateQueryUrl BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : SoftwareUpdateQueryUrl BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : ServerName BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : ServerPath BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : TrackingServerPath BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : TrackingGIFURL BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : ErrLandingURL BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : ErrLandingQuery BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : ADDataVersion BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : ServerPort BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : UpdateQueryDuration BargainBuddy Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : UpdateQueryFailedDuration BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : BuildNumber BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : TrackingURLCount BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : TrackingURLEnable BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : TrackingFileFlag BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : PartnerName BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : PartnerID BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : SystemInstallTime BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : UniqueKey BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : ConfigVersion BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : LastQueryTime BargainBuddy Object Recognized! 
Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da} BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da} Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1} BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1} Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344} BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344} Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : MainDir BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ADDataUpdateQueryUrl BargainBuddy Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ConfigUpdateQueryUrl BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : SoftwareUpdateQueryUrl BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ServerPath BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ServerName BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ServerPort BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : BuildNumber BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : PartnerName BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : Binary BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : UpdateQueryDuration BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : UpdateQueryFailedDuration BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ConfigVersion BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ADDataVersion BargainBuddy Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : LastQueryTime BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : MaxDailyCapPerUSer BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : MinMinutesBetweenTwoADs BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : MaxDomainCap BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : IdleMinutesThreshold BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : MinCountOfUrlsBetweenTwoADs BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : TrackingServerPath BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : TrackingGIFURL BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : SliderLegalText BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : AdvDelaySec BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : TrackingFileFlag BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : PartnerID BargainBuddy Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : SystemInstallTime BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : UniqueKey BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : DisplayName BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : UninstallString BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : Publisher BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : URLInfoAbout BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : DisplayVersion BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : DisplayIcon BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : NoModify BargainBuddy Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : NoRepair BlazeFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{83de62e0-5805-11d8-9b25-00e04c60faf2} BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{83de62e0-5805-11d8-9b25-00e04c60faf2} Value : BlazeFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{83de62e0-5805-11d8-9b25-00e04c60faf2} BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{83de62e0-5805-11d8-9b25-00e04c60faf2} Value : KeyVersion BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{83de62e0-5805-11d8-9b25-00e04c60faf2} Value : BHOVersion BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{83de62e0-5805-11d8-9b25-00e04c60faf2} Value : BHONew BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{83de62e0-5805-11d8-9b25-00e04c60faf2} Value : KeyNew BlazeFind Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{83de62e0-5805-11d8-9b25-00e04c60faf2} Value : KeyNew_Url BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{83de62e0-5805-11d8-9b25-00e04c60faf2} Value : BHONew_Url BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{83de62e0-5805-11d8-9b25-00e04c60faf2} Value : KeyNew_Version BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{83de62e0-5805-11d8-9b25-00e04c60faf2} Value : BHONew_Version BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{83de62e0-5805-11d8-9b25-00e04c60faf2} Value : BHO_Path BlazeFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\windows adcontrol BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\windows adcontrol Value : param BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\windows adcontrol Value : LastUpdate BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\windows adcontrol Value : DownloadPath BlazeFind Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\windows adcontrol Value : Language BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\windows adcontrol Value : SoftwareTable BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\windows adcontrol Value : Request BlazeFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\windows adcontrol BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\windows adcontrol Value : UninstallString BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\windows adcontrol Value : DisplayName BookedSpace Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : appid\bookedspace.dll BookedSpace Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : appid\bookedspace.dll Value : AppID BookedSpace Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : appid\{0dc5cd9c-f603-4417-aa43-d457be3a9622} BookedSpace Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : appid\{0dc5cd9c-f603-4417-aa43-d457be3a9622} Value : BookedSpace Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : bookedspace.extension BookedSpace Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : bookedspace.extension Value : BookedSpace Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : bookedspace.extension.5 BookedSpace Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : bookedspace.extension.5 Value : BookedSpace Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{0019c3e2-dd48-4a6d-ab2d-8d32436313d9} BookedSpace Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{0019c3e2-dd48-4a6d-ab2d-8d32436313d9} Value : BookedSpace Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{0019c3e2-dd48-4a6d-ab2d-8d32436313d9} Value : AppID BookedSpace Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{05080e6b-b08a-4cfd-8c3d-9b2557770b6e} BookedSpace Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{05080e6b-b08a-4cfd-8c3d-9b2557770b6e} Value : BookedSpace Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{0dc5cd9c-f603-4417-aa43-d457be3a9622} BookedSpace Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bookedspace BookedSpace Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{a85c4a1b-bd36-44e5-a70f-8ec347d9b24f} WhenU Object Recognized! 
Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-764733703-854245398-1003\software\whenu BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "BullsEye Network" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : BullsEye Network BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "PartnerID" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : PartnerID BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "UtilFolder" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UtilFolder BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "PartnerName" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : PartnerName BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "FirstHit" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : FirstHit BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "BuildNumber" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : BuildNumber BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "UninstallUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UninstallUrl BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "UniqueKeyUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UniqueKeyUrl BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "FirstHitUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : FirstHitUrl BlazeFind Object Recognized! 
Type : RegValue Data : Category : Malware Comment : "Windows AdControl" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : Windows AdControl Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 157 Objects found so far: 184 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com" Category : Data Miner Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com" Category : Data Miner Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch Value : DisplayName Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com" Category : Data Miner Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch Value : UninstallString Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com" Category : Data Miner Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch Value : Publisher Possible Browser Hijack attempt Object Recognized! 
Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com" Category : Data Miner Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch Value : DisplayVersion Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com" Category : Data Miner Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch Value : URLInfoAbout Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com" Category : Data Miner Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch Value : Readme Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com" Category : Data Miner Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch Value : DisplayIcon Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com" Category : Data Miner Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch Value : HelpLink Possible Browser Hijack attempt Object Recognized! 
Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com" Category : Data Miner Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch Value : NoModify Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com" Category : Data Miner Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch Value : NoRepair BookedSpace Object Recognized! Type : Regkey Data : Category : Malware Comment : C:\WINDOWS\bs3.dll Rootkey : HKEY_CLASSES_ROOT Object : CLSID\{A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} BookedSpace Object Recognized! Type : RegValue Data : Category : Malware Comment : C:\WINDOWS\bs3.dll Rootkey : HKEY_CLASSES_ROOT Object : CLSID\{A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} Value : BookedSpace Object Recognized! Type : RegValue Data : Category : Malware Comment : C:\WINDOWS\bs3.dll Rootkey : HKEY_CLASSES_ROOT Object : CLSID\{A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} Value : AppID BookedSpace Object Recognized! Type : File Data : bs3.dll Category : Malware Comment : Object : c:\windows\ FileVersion : 1.0.0.1 ProductVersion : 1.0.0.1 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: InternalName : BookedSpace.dll LegalCopyright : TODO: (c) . All rights reserved. OriginalFilename : BookedSpace.dll BookedSpace Object Recognized! Type : Regkey Data : C:\WINDOWS\bs3.dll Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : TYPELIB\{5CD19420-B328-47D5-A55F-1C07638EFDF8} BookedSpace Object Recognized! Type : Regkey Data : Category : Malware Comment : ({A85C4A1B-BD36-44E5-A70F-8EC347D9B24F}) Rootkey : HKEY_CLASSES_ROOT Object : BookedSpace.Extension.3 BookedSpace Object Recognized! 
Type : RegValue Data : Category : Malware Comment : ({A85C4A1B-BD36-44E5-A70F-8EC347D9B24F}) Rootkey : HKEY_CLASSES_ROOT Object : BookedSpace.Extension.3 Value : BookedSpace Object Recognized! Type : RegValue Data : Category : Malware Comment : "Bsx3" Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Run Value : Bsx3 BookedSpace Object Recognized! Type : RegValue Data : Category : Malware Comment : "bxsx5" Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Run Value : bxsx5 BookedSpace Object Recognized! Type : File Data : bsx5.dll Category : Malware Comment : Object : c:\windows\ FileVersion : 1.0.0.1 ProductVersion : 1.0.0.1 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: InternalName : BookedSpace.dll LegalCopyright : TODO: (c) . All rights reserved. OriginalFilename : BookedSpace.dll Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 19 Objects found so far: 205 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : miskovic@2o7[1].txt Category : Data Miner Comment : Hits:3 Value : Cookie:miskovic@2o7.net/ Expires : 11-19-2009 5:32:46 PM LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : miskovic@doubleclick[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:miskovic@doubleclick.net/ Expires : 11-20-2004 5:23:58 AM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 2 Objects found so far: 207 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 180Solutions Object Recognized! 
Type : File Data : Del14.tmp Category : Data Miner Comment : Object : C:\Documents and Settings\Miskovic\Local Settings\Temp\ FileVersion : 5, 12, 0, 13 ProductVersion : 5, 12, 0, 13 ProductName : Search Assistant CompanyName : 180solutions, Inc. FileDescription : Search Assistant LegalCopyright : Copyright © 2004, 180solutions Inc. WindUpdates Object Recognized! Type : File Data : WinAdCtl.exe Category : Data Miner Comment : Object : C:\Program Files\Windows AdControl\ WindUpdates Object Recognized! Type : File Data : WinAdShift.dll Category : Data Miner Comment : Object : C:\Program Files\Windows AdControl\ BargainBuddy Object Recognized! Type : File Data : A0003622.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{E518CCB6-AF32-4AF5-BD4B-AB256E9AA2DC}\RP14\ BargainBuddy Object Recognized! Type : File Data : A0003623.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{E518CCB6-AF32-4AF5-BD4B-AB256E9AA2DC}\RP14\ BargainBuddy Object Recognized! Type : File Data : A0003624.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{E518CCB6-AF32-4AF5-BD4B-AB256E9AA2DC}\RP14\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : apuc Module FileDescription : apuc Module InternalName : apuc LegalCopyright : Copyright 2001 OriginalFilename : apuc.DLL BargainBuddy Object Recognized! Type : File Data : A0003722.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{E518CCB6-AF32-4AF5-BD4B-AB256E9AA2DC}\RP15\ FileVersion : 1.00.0005 ProductVersion : 1.00.0005 ProductName : CashBack Flash Notification Module CompanyName : eXact Advertising InternalName : flash LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : flash.exe 180Solutions Object Recognized! 
Type : File Data : A0003728.exe Category : Data Miner Comment : Object : C:\System Volume Information\_restore{E518CCB6-AF32-4AF5-BD4B-AB256E9AA2DC}\RP15\ BlazeFind Object Recognized! Type : File Data : 2_0_1browserhelper2.dll Category : Malware Comment : Object : C:\WINDOWS\ BlazeFind Object Recognized! Type : File Data : Key2.txt Category : Malware Comment : Object : C:\WINDOWS\ WinAD Object Recognized! Type : File Data : ide21201.vxd Category : Malware Comment : Object : C:\WINDOWS\system32\ BlazeFind Object Recognized! Type : File Data : UnstSA2.exe Category : Malware Comment : Object : C:\WINDOWS\ FileVersion : 1.0.0.15 ProductVersion : 1.0.0.0 CompanyName : Kalptaru Infotech Ltd. Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 219 Deep scanning and examining files (D:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for D:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 219 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 219 Possible Browser Hijack attempt Object Recognized! Type : File Data : Free AOL & Unlimited Internet.url Category : Misc Comment : Problematic URL discovered: http://free.aol.com/tryaolfree/index.adp?316941 Object : C:\Documents and Settings\Miskovic\Favorites\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Free AOL & Unlimited Internet.url Category : Misc Comment : Problematic URL discovered: http://free.aol.com/tryaolfree/index.adp?316942 Object : C:\Documents and Settings\Miskovic\Favorites\Links\ Possible Browser Hijack attempt Object Recognized! 
Type : File Data : Free AOL & Unlimited Internet.url Category : Misc Comment : Problematic URL discovered: http://free.aol.com/tryaolfree/index.adp?316939 Object : C:\Documents and Settings\Miskovic\Start Menu\ Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» BlazeFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : aspfile\persistenthandler BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : aspfile\persistenthandler Value : BlazeFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\windows sr 2.0 BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\windows sr 2.0 Value : DisplayName BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\windows sr 2.0 Value : UninstallString WindUpdates Object Recognized! Type : Folder Category : Data Miner Comment : Object : C:\Program Files\Windows AdControl WindUpdates Object Recognized! Type : File Data : Info.txt Category : Data Miner Comment : Object : C:\Program Files\windows adcontrol\ WindUpdates Object Recognized! Type : File Data : WinAdAlt.exe Category : Data Miner Comment : Object : C:\Program Files\windows adcontrol\ BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : PIDNoCB BargainBuddy Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : PIDNoNLS BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : PrevBBBuildNumber BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : System BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UniqueKey BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UninstalledSystem BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : NaviSearch BargainBuddy Object Recognized! Type : Folder Category : Malware Comment : Object : C:\Program Files\BullsEye Network BargainBuddy Object Recognized! Type : Folder Category : Malware Comment : Object : C:\Program Files\Bargain Buddy BargainBuddy Object Recognized! Type : Folder Category : Malware Comment : Object : C:\Program Files\NaviSearch BargainBuddy Object Recognized! Type : Folder Category : Malware Comment : Object : C:\Program Files\navisearch\bin BargainBuddy Object Recognized! Type : File Data : nvms.dll Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 2, 0, 0, 19 ProductVersion : 2, 0, 0, 19 ProductName : nls.dll Module CompanyName : eXact Advertising FileDescription : nls.dll Module InternalName : nls.dll LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : nls.dll BargainBuddy Object Recognized! 
Type : File Data : exul.exe Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : exdl.exe Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe BargainBuddy Object Recognized! Type : File Data : bbchk.exe Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 5.101.1663.1 ProductVersion : 5.101.1663.1 ProductName : Microsoft(R) Windows NT(R) Operating System CompanyName : Microsoft Corporation FileDescription : ECM ChkTrust InternalName : CHKTRUST.EXE LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997 OriginalFilename : CHKTRUST.EXE BargainBuddy Object Recognized! Type : File Data : adv.exe Category : Malware Comment : Object : C:\Program Files\bullseye network\bin\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : adv CompanyName : eXact Advertising InternalName : adv LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : adv.exe BargainBuddy Object Recognized! Type : File Data : adx.exe Category : Malware Comment : Object : C:\Program Files\bullseye network\bin\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : adx CompanyName : eXact Advertising InternalName : adx LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : adx.exe BargainBuddy Object Recognized! 
Type : File Data : bargains.exe Category : Malware Comment : Object : C:\Program Files\bullseye network\bin\ FileVersion : 2, 0, 0, 2 ProductVersion : 2, 0, 0, 2 ProductName : BargainsBuddy ADP Module CompanyName : eXact Advertising FileDescription : bargains InternalName : ADP LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : bargains.exe BargainBuddy Object Recognized! Type : File Data : 2004_11_25.data.zip Category : Malware Comment : Object : C:\Program Files\bullseye network\ BargainBuddy Object Recognized! Type : File Data : ad.dat Category : Malware Comment : Object : C:\Program Files\bullseye network\ BargainBuddy Object Recognized! Type : File Data : ub.dat Category : Malware Comment : Object : C:\Program Files\bullseye network\ BargainBuddy Object Recognized! Type : File Data : Uninstall.exe Category : Malware Comment : Object : C:\Program Files\bullseye network\ FileVersion : 8.0.3.3 ProductName : BullsEye Network CompanyName : eXact Advertising FileDescription : BargainBuddy Module LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. LegalTrademarks : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. Comments : BargainBuddy Module BargainBuddy Object Recognized! Type : File Data : angelex.exe Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 1, 0 ProductVersion : 1, 0, 1, 0 BargainBuddy Object Recognized! Type : File Data : msbe.dll Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 2, 0, 0, 17 ProductVersion : 2, 0, 0, 17 ProductName : apuc Module CompanyName : eXact Advertising FileDescription : apuc Module InternalName : apuc LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : apuc.DLL BargainBuddy Object Recognized! 
Type : File Data : nls.exe Category : Malware Comment : Object : C:\Program Files\navisearch\bin\ FileVersion : 1, 0, 0, 5 ProductVersion : 1, 0, 0, 5 ProductName : NAVISearch Module CompanyName : eXact Advertising FileDescription : NLS Module InternalName : NLS LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : nls.exe

BargainBuddy Object Recognized!
Type : File Data : ad.dat Category : Malware Comment : Object : C:\Program Files\navisearch\

BargainBuddy Object Recognized!
Type : File Data : t1101302699.dec Category : Malware Comment : Object : C:\Program Files\navisearch\

BargainBuddy Object Recognized!
Type : File Data : t1101395491.dec Category : Malware Comment : Object : C:\Program Files\navisearch\

BargainBuddy Object Recognized!
Type : File Data : ub.dat Category : Malware Comment : Object : C:\Program Files\navisearch\

BargainBuddy Object Recognized!
Type : File Data : Uninstall.exe Category : Malware Comment : Object : C:\Program Files\navisearch\ FileVersion : 8.0.3.3 ProductName : NaviSearch CompanyName : eXact Advertising FileDescription : NAVISearch Module LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. LegalTrademarks : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. Comments : NaviSearch Module

BookedSpace Object Recognized!
Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\new windows

BookedSpace Object Recognized!
Type : File Data : bsx32.ini Category : Malware Comment : Object : C:\WINDOWS\

WhenU Object Recognized!
Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\whenu

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 52
Objects found so far: 274

1:52:32 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:43.291
Objects scanned:99281
Objects identified:257
Objects ignored:0
New critical objects:257