trojan-spy.html.smitfraud.c



#1
poppashawn

ArchiveData(auto-quarantine- 2005-04-22 13-34-07.bckp)
Referencefile : SE1R40 20.04.2005
======================================================

MARKETSCORE(NETSETTER)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Process : C:\WINDOWS\SYSTEM\OKSHOOK.DLL
obj[1]=Process : C:\WINDOWS\SYSTEM\OKSHOOK.DLL
obj[2]=Process : C:\WINDOWS\SYSTEM\OSMIM.DLL
obj[3]=Process : C:\WINDOWS\SYSTEM\RK.EXE
obj[121]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run "OSS"
obj[125]=Regkey : .DEFAULT\software\netsetter
obj[130]=File : c:\windows\system\rk.exe
obj[131]=File : C:\WINDOWS\SYSTEM\ossproxy.exe
obj[132]=File : C:\WINDOWS\SYSTEM\okshook.dll
obj[133]=File : C:\WINDOWS\SYSTEM\osmim.dll
obj[136]=File : C:\WINDOWS\SYSTEM\osmim.dll

SECURITY IGUARD
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[4]=Folder : C:\WINDOWS\Application Data\Rex-Services
obj[117]=RegValue : software\rex-services "MGuid"
obj[127]=Regkey : software\rex-services

180SOLUTIONS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[5]=Folder : C:\Program Files\180search Assistant
obj[122]=RegValue : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38} "BarSize"
obj[129]=Regkey : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38}
obj[134]=File : c:\windows\TEMP\DelF015.TMP

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

HIJACKER.TOPCONVERTING
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[108]=RegValue : interface\{2b0eceac-f597-4858-a542-d966b49055b9} ""
obj[123]=Regkey : interface\{2b0eceac-f597-4858-a542-d966b49055b9}

ZANGO
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[109]=RegValue : clsid\{99410cde-6f16-42ce-9d49-3807f78f0287} ""
obj[124]=Regkey : clsid\{99410cde-6f16-42ce-9d49-3807f78f0287}
obj[135]=File : c:\windows\TEMP\DelF0B2.TMP

ALEXA
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[110]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "MenuText"
obj[111]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "MenuStatusBar"
obj[112]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "Script"
obj[113]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "clsid"
obj[114]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "Icon"
obj[115]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "HotIcon"
obj[116]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "ButtonText"
obj[118]=RegValue : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
obj[126]=Regkey : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

POSSIBLE BROWSER HIJACK ATTEMPT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[119]=RegValue : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BD11A280-2E73-11CF-B6CF-00AA00A74DAF} "SystemComponent"
obj[120]=RegValue : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BD11A280-2E73-11CF-B6CF-00AA00A74DAF} "Installer"
obj[128]=Regkey : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BD11A280-2E73-11CF-B6CF-00AA00A74DAF}

#2
Guest_numbnuts_*

Hello, poppashawn. Welcome to the forum, let’s make a start and see if we can help..

We need to see an Ad-aware log

Can you please follow the instructions in this link and post back in this thread…..
http://www.geekstogo...indpost&p=78035

We need to see a complete logfile to be of assistance to you …..
As it will give us an idea what you have on your computer…

Please make sure you're using Ad-aware SE 1.05
And have the latest Definition file …

To get the update, please launch Ad-Aware SE and click on the globe icon to access the Web Update feature.



Regards..

numbnuts …… :tazz:

Edited by numbnuts, 22 April 2005 - 03:24 PM.


#3
poppashawn

Here is the Ad-Aware list. Please help!

Ad-Aware SE Build 1.05
Logfile Created on:Friday, April 22, 2005 4:27:14 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):4 total references
Alexa(TAC index:5):9 total references
Hijacker.TopConverting(TAC index:5):2 total references
Marketscore(Netsetter)(TAC index:7):10 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
Security iGuard(TAC index:9):3 total references
Tracking Cookie(TAC index:3):410 total references
Zango(TAC index:6):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium II
Memory available:0 %
Total physical memory:65036 kb
Available physical memory:520 kb
Total page file size:2032112 kb
Available on page file:1919400 kb
Total virtual memory:2093056 kb
Available virtual memory:2037632 kb
OS:Microsoft Windows 98 SE

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Obtain command line of scanned processes
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


04-22-2005 4:27:14 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4293897527
Threads : 8
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294962895
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [SPOOL32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SPOOL32.EXE
Command Line : C:\WINDOWS\SYSTEM\spool32.exe
ProcessID : 4294960887
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:4 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294955179
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:5 [PCCIOMON.EXE]
ModuleName : C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCIOMON.EXE
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
ProcessID : 4294731911
Threads : 5
Priority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : PCCIOMON
InternalName : PCCIOMON
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : PCCIOMON

#:6 [PCCPFW.EXE]
ModuleName : C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCPFW.EXE
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe"
ProcessID : 4294726483
Threads : 3
Priority : Normal


#:7 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4294721851
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:8 [MOSEARCH.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
Command Line : c:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
ProcessID : 4294751003
Threads : 8
Priority : Normal
FileVersion : 10.109.3705.2
ProductVersion : 10.109.3705.2
ProductName : PKM
CompanyName : Microsoft Corporation
FileDescription : Microsoft Office Search Service
InternalName : mosearch.exe
LegalCopyright : Copyright © Microsoft Corp. 1998. All rights reserved.
LegalTrademarks : Microsoft ® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation.
OriginalFilename : mosearch.exe
Comments : Microsoft Office Search Service

#:9 [MDM.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
Command Line : "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
ProcessID : 4294770379
Threads : 4
Priority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:10 [KB891711.EXE]
ModuleName : c:\windows\SYSTEM\KB891711\KB891711.EXE
Command Line : n/a
ProcessID : 4294766399
Threads : 1
Priority : Normal
FileVersion : 4.10.2223
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright © Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE

#:11 [PSTORES.EXE]
ModuleName : C:\WINDOWS\SYSTEM\PSTORES.EXE
Command Line : C:\WINDOWS\SYSTEM\PSTORES.EXE
ProcessID : 4294808095
Threads : 4
Priority : Normal
FileVersion : 5.00.1877.3
ProductVersion : 5.00.1877.3
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : Protected storage server

#:12 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4294582231
Threads : 5
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

Marketscore(Netsetter) Object Recognized!
Type : Process
Data : OKSHOOK.DLL
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
FileVersion : 1.3.4.296 (Build 296)
ProductVersion : 1.3.4.296 (Build 296)
ProductName : Marketscore
CompanyName : Marketscore
FileDescription : Marketscore
LegalCopyright : Copyright © 2001-2004

Warning! Marketscore(Netsetter) Object found in memory(C:\WINDOWS\SYSTEM\OKSHOOK.DLL)


#:13 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\windows\taskmon.exe"
ProcessID : 4294651967
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:14 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4294650359
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:15 [ATIPTAAA.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ATIPTAAA.EXE
Command Line : "C:\WINDOWS\SYSTEM\Atiptaaa.exe"
ProcessID : 4294687043
Threads : 1
Priority : Normal
FileVersion : 4.11.2420
ProductName : ATI Technologies, Inc.
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Task Icon
InternalName : ATIPDSXX
LegalCopyright : Copyright © ATI Technologies Inc. 1998
OriginalFilename : ATIPTAXX.DLL

#:16 [PCCGUIDE.EXE]
ModuleName : C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCGUIDE.EXE
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
ProcessID : 4294694351
Threads : 8
Priority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : PCCGuide
InternalName : PCCGuide
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : PCCGuide

#:17 [PCCCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCCLIENT.EXE
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
ProcessID : 4294699715
Threads : 2
Priority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : PCCClient
InternalName : PCCClient
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : PCCClient

#:18 [POP3TRAP.EXE]
ModuleName : C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\POP3TRAP.EXE
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
ProcessID : 4294697227
Threads : 6
Priority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : POP3Trap
InternalName : POP3Trap
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : POP3Trap

#:19 [RK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RK.EXE
Command Line : "C:\windows\system\rk.exe" -boot
ProcessID : 4294661555
Threads : 9
Priority : Normal
FileVersion : 1.3.301.318 (Build 301.318)
ProductVersion : 1.3.301.318 (Build 301.318)
ProductName : RelevantKnowledge
CompanyName : RelevantKnowledge
FileDescription : RelevantKnowledge
LegalCopyright : Copyright © 2001-2004

Marketscore(Netsetter) Object Recognized!
Type : Process
Data : OKSHOOK.DLL
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
FileVersion : 1.3.4.296 (Build 296)
ProductVersion : 1.3.4.296 (Build 296)
ProductName : Marketscore
CompanyName : Marketscore
FileDescription : Marketscore
LegalCopyright : Copyright © 2001-2004

Warning! Marketscore(Netsetter) Object found in memory(C:\WINDOWS\SYSTEM\OKSHOOK.DLL)


Marketscore(Netsetter) Object Recognized!
Type : Process
Data : OSMIM.DLL
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
FileVersion : 1.0.0.52 (Build 52)
ProductVersion : 1.0.0.52 (Build 52)
ProductName : Marketscore OSMIM
CompanyName : Marketscore
FileDescription : OSMIM
InternalName : OSMIM
LegalCopyright : Copyright © 2004
OriginalFilename : OSMIM.dll

Warning! Marketscore(Netsetter) Object found in memory(C:\WINDOWS\SYSTEM\OSMIM.DLL)


Marketscore(Netsetter) Object Recognized!
Type : Process
Data : RK.EXE
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
FileVersion : 1.3.301.318 (Build 301.318)
ProductVersion : 1.3.301.318 (Build 301.318)
ProductName : RelevantKnowledge
CompanyName : RelevantKnowledge
FileDescription : RelevantKnowledge
LegalCopyright : Copyright © 2001-2004

Warning! Marketscore(Netsetter) Object found in memory(C:\WINDOWS\SYSTEM\RK.EXE)

Warning! "C:\WINDOWS\SYSTEM\RK.EXE"Process could not be terminated!

#:20 [MSWHEEL.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSWHEEL.EXE
Command Line : C:\WINDOWS\SYSTEM\MSWHEEL.EXE
ProcessID : 4294449003
Threads : 1
Priority : Normal


#:21 [RunDLL.exe]
ModuleName : C:\WINDOWS\RunDLL.exe
Command Line : n/a
ProcessID : 4294475767
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:22 [CTFMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\CTFMON.EXE
Command Line : "C:\WINDOWS\SYSTEM\ctfmon.exe"
ProcessID : 4294472183
Threads : 1
Priority : Normal
FileVersion : 1.00.2409.7 built by: Lab06_N
ProductVersion : 1.00.2409.7
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Cicero Loader
InternalName : CICLOAD
LegalCopyright : Copyright © Microsoft Corporation. 1981-2001
OriginalFilename : CICLOAD.EXE

#:23 [WP.EXE]
ModuleName : C:\WP.EXE
Command Line : "C:\WP.EXE"
ProcessID : 4294467195
Threads : 1
Priority : Normal


#:24 [OSA.EXE]
ModuleName : C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
Command Line : "C:\Program Files\Microsoft Office\Office\OSA.EXE" -b
ProcessID : 4294462511
Threads : 1
Priority : Normal


#:25 [WMIEXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WMIEXE.EXE
Command Line : WmiExe 52
ProcessID : 4294538455
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:26 [IEXPLORE.EXE]
ModuleName : C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
Command Line : "C:\PROGRA~1\INTERN~1\iexplore.exe"
ProcessID : 4294512175
Threads : 10
Priority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

Marketscore(Netsetter) Object Recognized!
Type : Process
Data : OKSHOOK.DLL
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
FileVersion : 1.3.4.296 (Build 296)
ProductVersion : 1.3.4.296 (Build 296)
ProductName : Marketscore
CompanyName : Marketscore
FileDescription : Marketscore
LegalCopyright : Copyright © 2001-2004

Warning! Marketscore(Netsetter) Object found in memory(C:\WINDOWS\SYSTEM\OKSHOOK.DLL)


#:27 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4294371539
Threads : 5
Priority : Realtime
FileVersion : 4.06.03.0518
ProductVersion : 4.06.03.0518
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : ddhelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : ddhelp.exe

#:28 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4294423631
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Marketscore(Netsetter) Object Recognized!
Type : Process
Data : OKSHOOK.DLL
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
FileVersion : 1.3.4.296 (Build 296)
ProductVersion : 1.3.4.296 (Build 296)
ProductName : Marketscore
CompanyName : Marketscore
FileDescription : Marketscore
LegalCopyright : Copyright © 2001-2004

Warning! Marketscore(Netsetter) Object found in memory(C:\WINDOWS\SYSTEM\OKSHOOK.DLL)


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 6


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{2b0eceac-f597-4858-a542-d966b49055b9}

Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{2b0eceac-f597-4858-a542-d966b49055b9}
Value :

Zango Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{99410cde-6f16-42ce-9d49-3807f78f0287}

Zango Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{99410cde-6f16-42ce-9d49-3807f78f0287}
Value :

Marketscore(Netsetter) Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\netsetter

Alexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

Security iGuard Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\rex-services

Security iGuard Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\rex-services
Value : MGuid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 16
Objects found so far: 22


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : {BD11A280-2E73-11CF-B6CF-00AA00A74DAF} (http://images.bonzi..../bbsetuppop.exe)

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://images.bonzi..../bbsetuppop.exe
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BD11A280-2E73-11CF-B6CF-00AA00A74DAF}

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://images.bonzi..../bbsetuppop.exe
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BD11A280-2E73-11CF-B6CF-00AA00A74DAF}
Value : SystemComponent

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://images.bonzi..../bbsetuppop.exe
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BD11A280-2E73-11CF-B6CF-00AA00A74DAF}
Value : Installer

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 25


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@iwon[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 04-16-2015 12:21:36 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@atdmt[2].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 04-20-2010 6:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@atdmt[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@atdmt[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@pro-market[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@pro-market[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@bfast[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@bfast[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@valueclick[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@valueclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@seeq[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@seeq[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@adrevolver[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@adrevolver[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@realmedia[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@2o7[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@tripod[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@tripod[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@bravenet[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@bravenet[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@statcounter[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@statcounter[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@overture[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@overture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@centrport[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@centrport[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@tickle[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@tickle[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@cgi-bin[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@fastclick[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@peel[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@peel[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@apmebf[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@apmebf[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@zedo[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@zedo[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@clickagents[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@clickagents[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@advertising[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@linksynergy[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@linksynergy[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@qksrv[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@qksrv[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@maxserving[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@maxserving[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@trafficmp[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@trafficmp[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@valueclick[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@valueclick[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@bluestreak[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@bluestreak[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@paycounter[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@paycounter[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@domainsponsor[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@domainsponsor[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@revenue[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@revenue[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@iwon[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@iwon[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@serving-sys[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@serving-sys[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@sexlist[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@sexlist[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@hitbox[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@casalemedia[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@casalemedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : www.searchtraffic.com
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@cgi-bin[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@cgi-bin[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@tribalfusion[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@tribalfusion[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@questionmarket[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 73
Objects found so far: 98



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Marketscore(Netsetter) Object Recognized!
Type : File
Data : ossproxy.exe
Category : Data Miner
Comment :
Object : c:\WINDOWS\SYSTEM\
FileVersion : 1.3.4.246 (Build 246)
ProductVersion : 1.3.4.246 (Build 246)
ProductName : Marketscore Internet Accelerator (OSSProxy)
CompanyName : Marketscore
FileDescription : Marketscore Internet Accelerator
InternalName : OSSProxy
LegalCopyright : Copyright © 2001-2004
OriginalFilename : ossproxy.exe


180Solutions Object Recognized!
Type : File
Data : DelF015.TMP
Category : Data Miner
Comment :
Object : c:\WINDOWS\TEMP\



Zango Object Recognized!
Type : File
Data : DelF0B2.TMP
Category : Data Miner
Comment :
Object : c:\WINDOWS\TEMP\
FileVersion : 6, 2, 0, 3
ProductVersion : 6, 2, 0, 3
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.
Comments : /cbc=force


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@atdmt[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\anyuser@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@iwon[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\anyuser@iwon[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@mediaplex[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\anyuser@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@doubleclick[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\anyuser@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@atdmt[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\anyuser@atdmt[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@pro-market[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\anyuser@pro-market[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@bfast[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\anyuser@bfast[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@valueclick[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\anyuser@valueclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@seeq[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\anyuser@seeq[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@adrevolver[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\anyuser@adrevolver[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@realmedia[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\anyuser@realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@2o7[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\anyuser@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@tripod[1].txt
Category : Data Miner
Comment

Edited by poppashawn, 22 April 2005 - 05:33 PM.


#4
Guest_numbnuts_*

Hello, poppashawn. Your logfile is incomplete.

Please continue copying from the last item posted to the end.
This sometimes takes 2-3 posts to get it all posted. You will know you're at the end when you see a "Summary" of objects found.
If you need to find the log from this scan, do the following:

Go to C:\Documents and Settings\USER NAME\Application Data\Lavasoft\Ad-Aware\Logs and find the logfile for this scan.
Double click to open it, click Edit | Select all, Edit | Copy. Then post the logfile as a reply.


If you are still having trouble locating the file, please launch Ad-Aware and click on the gear icon to access the Ad-Aware configuration window.
Select General and look under the section entitled "Write logfiles to".


numbnuts..

#5
poppashawn

HERE IS THE LIST. I BELIEVE IT IS ALL THERE. LET ME KNOW. THANKS

Ad-Aware SE Build 1.05
Logfile Created on:Monday, April 25, 2005 1:15:27 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):4 total references
Alexa(TAC index:5):9 total references
Hijacker.TopConverting(TAC index:5):2 total references
Marketscore(Netsetter)(TAC index:7):11 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
Security iGuard(TAC index:9):3 total references
Tracking Cookie(TAC index:3):422 total references
Zango(TAC index:6):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium II
Memory available:0 %
Total physical memory:65036 kb
Available physical memory:120 kb
Total page file size:2032112 kb
Available on page file:1902076 kb
Total virtual memory:2093056 kb
Available virtual memory:2033344 kb
OS:Microsoft Windows 98 SE

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Obtain command line of scanned processes
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


04-25-2005 1:15:27 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4293897341
Threads : 8
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294963077
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [SPOOL32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SPOOL32.EXE
Command Line : C:\WINDOWS\SYSTEM\spool32.exe
ProcessID : 4294961085
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:4 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294955489
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:5 [PCCIOMON.EXE]
ModuleName : C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCIOMON.EXE
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
ProcessID : 4294732229
Threads : 5
Priority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : PCCIOMON
InternalName : PCCIOMON
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : PCCIOMON

#:6 [PCCPFW.EXE]
ModuleName : C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCPFW.EXE
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe"
ProcessID : 4294726161
Threads : 3
Priority : Normal


#:7 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4294721609
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:8 [MOSEARCH.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
Command Line : c:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
ProcessID : 4294750761
Threads : 9
Priority : Normal
FileVersion : 10.109.3705.2
ProductVersion : 10.109.3705.2
ProductName : PKM
CompanyName : Microsoft Corporation
FileDescription : Microsoft Office Search Service
InternalName : mosearch.exe
LegalCopyright : Copyright © Microsoft Corp. 1998. All rights reserved.
LegalTrademarks : Microsoft ® is a registered trademark of Microsoft Corporation.
Windows™ is a trademark of Microsoft Corporation.
OriginalFilename : mosearch.exe
Comments : Microsoft Office Search Service

#:9 [MDM.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
Command Line : "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
ProcessID : 4294770585
Threads : 4
Priority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:10 [KB891711.EXE]
ModuleName : c:\windows\SYSTEM\KB891711\KB891711.EXE
Command Line : n/a
ProcessID : 4294765573
Threads : 1
Priority : Normal
FileVersion : 4.10.2223
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright © Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE

#:11 [PSTORES.EXE]
ModuleName : C:\WINDOWS\SYSTEM\PSTORES.EXE
Command Line : C:\WINDOWS\SYSTEM\PSTORES.EXE
ProcessID : 4294808693
Threads : 4
Priority : Normal
FileVersion : 5.00.1877.3
ProductVersion : 5.00.1877.3
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : Protected storage server

#:12 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4294628325
Threads : 5
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

Marketscore(Netsetter) Object Recognized!
Type : Process
Data : OKSHOOK.DLL
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
FileVersion : 1.3.4.296 (Build 296)
ProductVersion : 1.3.4.296 (Build 296)
ProductName : Marketscore
CompanyName : Marketscore
FileDescription : Marketscore
LegalCopyright : Copyright © 2001-2004

Warning! Marketscore(Netsetter) Object found in memory(C:\WINDOWS\SYSTEM\OKSHOOK.DLL)


#:13 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\windows\taskmon.exe"
ProcessID : 4294681733
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:14 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4294679789
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:15 [ATIPTAAA.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ATIPTAAA.EXE
Command Line : "C:\WINDOWS\SYSTEM\Atiptaaa.exe"
ProcessID : 4294454617
Threads : 1
Priority : Normal
FileVersion : 4.11.2420
ProductName : ATI Technologies, Inc.
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Task Icon
InternalName : ATIPDSXX
LegalCopyright : Copyright © ATI Technologies Inc. 1998
OriginalFilename : ATIPTAXX.DLL

#:16 [PCCGUIDE.EXE]
ModuleName : C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCGUIDE.EXE
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
ProcessID : 4294469237
Threads : 8
Priority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : PCCGuide
InternalName : PCCGuide
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : PCCGuide

Marketscore(Netsetter) Object Recognized!
Type : Process
Data : OKSHOOK.DLL
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
FileVersion : 1.3.4.296 (Build 296)
ProductVersion : 1.3.4.296 (Build 296)
ProductName : Marketscore
CompanyName : Marketscore
FileDescription : Marketscore
LegalCopyright : Copyright © 2001-2004

Warning! Marketscore(Netsetter) Object found in memory(C:\WINDOWS\SYSTEM\OKSHOOK.DLL)


#:17 [PCCCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCCLIENT.EXE
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
ProcessID : 4294699537
Threads : 2
Priority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : PCCClient
InternalName : PCCClient
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : PCCClient

#:18 [POP3TRAP.EXE]
ModuleName : C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\POP3TRAP.EXE
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
ProcessID : 4294464073
Threads : 6
Priority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : POP3Trap
InternalName : POP3Trap
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : POP3Trap

#:19 [MSWHEEL.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSWHEEL.EXE
Command Line : C:\WINDOWS\SYSTEM\MSWHEEL.EXE
ProcessID : 4294485113
Threads : 1
Priority : Normal


#:20 [RK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RK.EXE
Command Line : "C:\windows\system\rk.exe" -boot
ProcessID : 4294481969
Threads : 9
Priority : Normal
FileVersion : 1.3.301.318 (Build 301.318)
ProductVersion : 1.3.301.318 (Build 301.318)
ProductName : RelevantKnowledge
CompanyName : RelevantKnowledge
FileDescription : RelevantKnowledge
LegalCopyright : Copyright © 2001-2004

Marketscore(Netsetter) Object Recognized!
Type : Process
Data : OKSHOOK.DLL
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
FileVersion : 1.3.4.296 (Build 296)
ProductVersion : 1.3.4.296 (Build 296)
ProductName : Marketscore
CompanyName : Marketscore
FileDescription : Marketscore
LegalCopyright : Copyright © 2001-2004

Warning! Marketscore(Netsetter) Object found in memory(C:\WINDOWS\SYSTEM\OKSHOOK.DLL)


Marketscore(Netsetter) Object Recognized!
Type : Process
Data : OSMIM.DLL
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
FileVersion : 1.0.0.52 (Build 52)
ProductVersion : 1.0.0.52 (Build 52)
ProductName : Marketscore OSMIM
CompanyName : Marketscore
FileDescription : OSMIM
InternalName : OSMIM
LegalCopyright : Copyright © 2004
OriginalFilename : OSMIM.dll

Warning! Marketscore(Netsetter) Object found in memory(C:\WINDOWS\SYSTEM\OSMIM.DLL)


Marketscore(Netsetter) Object Recognized!
Type : Process
Data : RK.EXE
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
FileVersion : 1.3.301.318 (Build 301.318)
ProductVersion : 1.3.301.318 (Build 301.318)
ProductName : RelevantKnowledge
CompanyName : RelevantKnowledge
FileDescription : RelevantKnowledge
LegalCopyright : Copyright © 2001-2004

Warning! Marketscore(Netsetter) Object found in memory(C:\WINDOWS\SYSTEM\RK.EXE)

Warning! "C:\WINDOWS\SYSTEM\RK.EXE"Process could not be terminated!

#:21 [RunDLL.exe]
ModuleName : C:\WINDOWS\RunDLL.exe
Command Line : n/a
ProcessID : 4294498813
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:22 [CTFMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\CTFMON.EXE
Command Line : "C:\WINDOWS\SYSTEM\ctfmon.exe"
ProcessID : 4294496017
Threads : 1
Priority : Normal
FileVersion : 1.00.2409.7 built by: Lab06_N
ProductVersion : 1.00.2409.7
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Cicero Loader
InternalName : CICLOAD
LegalCopyright : Copyright © Microsoft Corporation. 1981-2001
OriginalFilename : CICLOAD.EXE

#:23 [WP.EXE]
ModuleName : C:\WP.EXE
Command Line : "C:\WP.EXE"
ProcessID : 4294507641
Threads : 1
Priority : Normal


#:24 [OSA.EXE]
ModuleName : C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
Command Line : "C:\Program Files\Microsoft Office\Office\OSA.EXE" -b
ProcessID : 4294689645
Threads : 1
Priority : Normal


#:25 [WMIEXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WMIEXE.EXE
Command Line : WmiExe 52
ProcessID : 4294556453
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:26 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4294394273
Threads : 5
Priority : Realtime
FileVersion : 4.06.03.0518
ProductVersion : 4.06.03.0518
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : ddhelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : ddhelp.exe

#:27 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4294440205
Threads : 3
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Marketscore(Netsetter) Object Recognized!
Type : Process
Data : OKSHOOK.DLL
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
FileVersion : 1.3.4.296 (Build 296)
ProductVersion : 1.3.4.296 (Build 296)
ProductName : Marketscore
CompanyName : Marketscore
FileDescription : Marketscore
LegalCopyright : Copyright © 2001-2004

Warning! Marketscore(Netsetter) Object found in memory(C:\WINDOWS\SYSTEM\OKSHOOK.DLL)


#:28 [IEXPLORE.EXE]
ModuleName : C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
Command Line : "C:\PROGRA~1\INTERN~1\iexplore.exe"
ProcessID : 4294206161
Threads : 10
Priority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

Marketscore(Netsetter) Object Recognized!
Type : Process
Data : OKSHOOK.DLL
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
FileVersion : 1.3.4.296 (Build 296)
ProductVersion : 1.3.4.296 (Build 296)
ProductName : Marketscore
CompanyName : Marketscore
FileDescription : Marketscore
LegalCopyright : Copyright © 2001-2004

Warning! Marketscore(Netsetter) Object found in memory(C:\WINDOWS\SYSTEM\OKSHOOK.DLL)


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 7


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{2b0eceac-f597-4858-a542-d966b49055b9}

Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{2b0eceac-f597-4858-a542-d966b49055b9}
Value :

Zango Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{99410cde-6f16-42ce-9d49-3807f78f0287}

Zango Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{99410cde-6f16-42ce-9d49-3807f78f0287}
Value :

Marketscore(Netsetter) Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\netsetter

Alexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

Security iGuard Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\rex-services

Security iGuard Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\rex-services
Value : MGuid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 16
Objects found so far: 23


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : {BD11A280-2E73-11CF-B6CF-00AA00A74DAF} (http://images.bonzi..../bbsetuppop.exe)

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://images.bonzi..../bbsetuppop.exe
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BD11A280-2E73-11CF-B6CF-00AA00A74DAF}

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://images.bonzi..../bbsetuppop.exe
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BD11A280-2E73-11CF-B6CF-00AA00A74DAF}
Value : SystemComponent

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://images.bonzi..../bbsetuppop.exe
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BD11A280-2E73-11CF-B6CF-00AA00A74DAF}
Value : Installer

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 26


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@iwon[3].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Expires : 01-17-2038 6:00:00 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 04-22-2015 10:44:24 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@dcsgcxwngpifwznfzlmv83o6w_5w4m[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/dcsgcxwngpifwznfzlmv83o6w_5w4m
Expires : 04-22-2015 10:43:40 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@atdmt[3].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:[email protected]/
Expires : 04-20-2010 6:00:00 PM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@doubleclick[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 04-23-2008 12:56:34 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][3].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 04-24-2006 1:01:54 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@hitbox[3].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Expires : 04-24-2006 1:01:54 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@atdmt[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@atdmt[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@pro-market[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@pro-market[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@bfast[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@bfast[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@valueclick[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@valueclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@seeq[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@seeq[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@adrevolver[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@adrevolver[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@realmedia[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@2o7[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@tripod[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@tripod[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@bravenet[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@bravenet[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@statcounter[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@statcounter[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@overture[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@overture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@centrport[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@centrport[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@tickle[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@tickle[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@cgi-bin[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@fastclick[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@peel[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@peel[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@apmebf[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@apmebf[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@zedo[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@zedo[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@clickagents[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@clickagents[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@advertising[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@linksynergy[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@linksynergy[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@qksrv[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@qksrv[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@maxserving[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@maxserving[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@trafficmp[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@trafficmp[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@valueclick[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@valueclick[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@bluestreak[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@bluestreak[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@paycounter[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@paycounter[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@domainsponsor[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@domainsponsor[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@revenue[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@revenue[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@iwon[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@iwon[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@serving-sys[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@serving-sys[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@sexlist[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@sexlist[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@hitbox[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@casalemedia[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@casalemedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : www.searchtraffic.com
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@cgi-bin[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@cgi-bin[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@tribalfusion[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@tribalfusion[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@questionmarket[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\anyuser@atdmt[2].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 79
Objects found so far: 105



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Marketscore(Netsetter) Object Recognized!
Type : File
Data : ossproxy.exe
Category : Data Miner
Comment :
Object : c:\WINDOWS\SYSTEM\
FileVersion : 1.3.4.246 (Build 246)
ProductVersion : 1.3.4.246 (Build 246)
ProductName : Marketscore Internet Accelerator (OSSProxy)
CompanyName : Marketscore
FileDescription : Marketscore Internet Accelerator
InternalName : OSSProxy
LegalCopyright : Copyright © 2001-2004
OriginalFilename : ossproxy.exe


180Solutions Object Recognized!
Type : File
Data : DelF015.TMP
Category : Data Miner
Comment :
Object : c:\WINDOWS\TEMP\



Zango Object Recognized!
Type : File
Data : DelF0B2.TMP
Category : Data Miner
Comment :
Object : c:\WINDOWS\TEMP\
FileVersion : 6, 2, 0, 3
ProductVersion : 6, 2, 0, 3
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.
Comments : /cbc=force


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@doubleclick[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\anyuser@doubleclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@mediaplex[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\anyuser@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@doubleclick[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\anyuser@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@atdmt[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\anyuser@atdmt[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@pro-market[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\anyuser@pro-market[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : anyuser@bfast

#6
Eric the Red

poppashawn,

I know that this is infuriating but you have not yet been able to post a full logfile. The posting software cannot handle all the log at once and truncates it when you paste it in. You need to locate the point at which it was cut off. Start another reply here and continue to cut and paste from the logfile starting at the point where the previous logfile ended. Continue to do this until you see the end of the logfile (signified by the "Scan Summary" section).

Also, a new definition reference file was issued by Lavasoft today. I suggest that you download that and scan again with the new defs.ref.