Technical Information
Registry entries (autorun Run values and an Internet Explorer extension entry):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WhenUSave' = '%PROGRAM_FILES%\Save\Save.exe'
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1A00C40B-DA85-4aa3-A67F-582D9347EECD}] 'Exec' = '<SYSTEM32>\TD.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ClockSync' = '%PROGRAM_FILES%\ClockSync\Sync.exe /q'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ContentService' = '<SYSTEM32>\winservn.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Srid' = '%APPDATA%\boae.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SuperBar Installer' = 'c:\superbarinstaller_wildmedia.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'IEDriver' = '<SYSTEM32>\IEDriver\IEDriver.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Bargains' = '%PROGRAM_FILES%\Bargain Buddy\bin\bargains.exe'
Program paths and command lines (apparently the processes executed):
- '%APPDATA%\boae.exe'
- '<SYSTEM32>\IEDriver\IEDRIVER.EXE'
- '%TEMP%\ckz20f09\Setup.exe'
- '<SYSTEM32>\winservn.exe' /no_ads
- '%PROGRAM_FILES%\ClockSync\Sync.exe' /q
- '%PROGRAM_FILES%\Save\Save.exe'
- '%PROGRAM_FILES%\Bargain Buddy\bin\bargains.exe'
- 'C:\superbarinstaller_wildmedia.exe'
- 'C:\ps_install-kim.exe'
- 'C:\setup_td.exe'
- '<Current directory>\rs.exe'
- 'C:\wmedia_bbi8015.exe'
- 'C:\SaveInstCm.exe' /tSTAT0703 /d"Statblaster" /f"%PROGRAM_FILES%\WildMedia\statblaster.exe" /x
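File paths (the action applied to each group, e.g. created or deleted, is not stated on this page):
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\notify[1].php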
- <SYSTEM32>\sb.htm
- <SYSTEM32>\TD.exe
- %PROGRAM_FILES%\Save\SET3.tmp
- %PROGRAM_FILES%\Save\SET6.tmp
- %PROGRAM_FILES%\Save\SET5.tmp
- %PROGRAM_FILES%\Save\SET4.tmp
- <SYSTEM32>\IEDriver\sx.htm
- <SYSTEM32>\IEDriver\vi.tty
- <SYSTEM32>\IEDriver\vii.tty
- <SYSTEM32>\IEDriver\5.exe
- <SYSTEM32>\IEDriver\td.exe
- <SYSTEM32>\IEDriver\IEDriver.bin
- <SYSTEM32>\IEDriver\3.exe
- %PROGRAM_FILES%\ClockSync\SETE.tmp
- %PROGRAM_FILES%\ClockSync\SETD.tmp
- %PROGRAM_FILES%\ClockSync\SETC.tmp
- %PROGRAM_FILES%\Bargain Buddy\error.log
- %HOMEPATH%\Start Menu\Programs\ClockSync\ClockSync.lnk
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\query[1].php
- %HOMEPATH%\Start Menu\Programs\PurityScan\PurityScan.lnk
- %PROGRAM_FILES%\Save\SET9.tmp
- %PROGRAM_FILES%\Save\SET8.tmp
- %PROGRAM_FILES%\Save\SET7.tmp
- %PROGRAM_FILES%\Save\SETA.tmp
- %PROGRAM_FILES%\ClockSync\SETB.tmp
- %PROGRAM_FILES%\PurityScan\PuritySCAN.exe
- <SYSTEM32>\winservn.exe
- %TEMP%\ckz20f09\Files\IEDRIVER.EXE
- %TEMP%\ckz20f09\Files\IEDriver.bin
- %TEMP%\ckz20f09\Files\5.exe
- %TEMP%\ckz20f09\Files\ieupdate.exe
- %TEMP%\ckz20f09\Files\td.exe
- %TEMP%\WUSave.inf
- %TEMP%\ckz20f09\Files\sx.htm
- C:\superbarinstaller_wildmedia.exe
- C:\ps_install-kim.exe
- C:\setup_td.exe
- C:\SaveInstCm.exe
- %TEMP%\ckz20f09\Files\3.exe
- %TEMP%\ckz20f09\Setup.exe
- C:\wmedia_bbi8015.exe
- %PROGRAM_FILES%\Bargain Buddy\bin\apuc.dll
- %APPDATA%\boae.exe
- %PROGRAM_FILES%\Bargain Buddy\bin\bargains.exe
- %PROGRAM_FILES%\Bargain Buddy\uninst.exe
- <SYSTEM32>\IEDriver\IEUPDATE.EXE
- <SYSTEM32>\sx.htm
- <SYSTEM32>\IEDriver\IEDRIVER.EXE
- %TEMP%\ckz20f09\Files\vii.tty
- %TEMP%\ckz20f09\Files\vi.tty
- %TEMP%\WUSave.cab
- <Current directory>\rs.exe
- %PROGRAM_FILES%\Bargain Buddy\bbchk.exe
- %PROGRAM_FILES%\Bargain Buddy\apuc.dll
- %PROGRAM_FILES%\Bargain Buddy\bargains.exe
- %TEMP%\WUSave.cab
- %PROGRAM_FILES%\Save\SET9.tmp
- %TEMP%\WUSave.inf
- %PROGRAM_FILES%\ClockSync\SETD.tmp
- %PROGRAM_FILES%\ClockSync\SETB.tmp
- <Current directory>\rs.exe
- %PROGRAM_FILES%\Bargain Buddy\apuc.dll
- %PROGRAM_FILES%\Bargain Buddy\bargains.exe
- %PROGRAM_FILES%\Save\SET3.tmp
- %PROGRAM_FILES%\Save\SET7.tmp
- %PROGRAM_FILES%\Save\SET5.tmp
Files moved or renamed:
- from %PROGRAM_FILES%\Save\SETA.tmp to %PROGRAM_FILES%\Save\ReadMe.txt
- from %PROGRAM_FILES%\ClockSync\SETC.tmp to %PROGRAM_FILES%\ClockSync\Sync.exe
- from %PROGRAM_FILES%\ClockSync\SETE.tmp to %PROGRAM_FILES%\ClockSync\Uninst.exe
- from %PROGRAM_FILES%\Save\SET4.tmp to %PROGRAM_FILES%\Save\Save.exe
- from %PROGRAM_FILES%\Save\SET6.tmp to %PROGRAM_FILES%\Save\save.htm
- from %PROGRAM_FILES%\Save\SET8.tmp to %PROGRAM_FILES%\Save\SaveUninst.exe
Network endpoints (host:port; '#' appears to mask part of each address):
- 'localhost':1043
- '66.##0.193.111':80
- 'localhost':1048
- 'localhost':1045
- 'www.cl###spring.net':80
- 'localhost':1035
- 'localhost':1041
- 'www.gi#####hsoftware.com':80
URLs requested (hosts and parameters partly masked with '#'):
- 66.##0.193.111/updates/query.php?v=##############
- www.gi#####hsoftware.com/stats/update_installer_stats.php?ca###################
- www.cl###spring.net/install/notify.php?pi#############################################################
DNS queries:
- DNS ASK nt##.#sno.navy.mil
- DNS ASK we#.#henu.com
- DNS ASK ap#.#henu.com
- DNS ASK to##.#sno.navy.mil
- DNS ASK www.gi#####hsoftware.com
- DNS ASK www.cl###spring.net
- DNS ASK do######.gigatechsoftware.com
- DNS ASK ad#####r.outblaze.com
Window class and window names:
- ClassName: '(null)' WindowName: 'WhenU_ClockSync_1_0'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'adp_wnd_class' WindowName: 'adp'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'WhenUOffers' WindowName: ''
- ClassName: 'WhenUOffers' WindowName: 'WhenUSaveV1'