Virtumonde, CashOn, Trojan VB.dck, Trojan Monder, Vundo [CLOSED]


#1
jsh911119
Hi there,
I have been experiencing a real slow computer for the past week or so, and it seems to get slower every time, so I finally logged on here for some help. I downloaded the Kaspersky Internet Security 7 to remove these malwares, but they keep showing up every time. I think I deleted a fair amount of files because of that :). Some of them include Virtumonde, CashOn, Vundo, Exploit.Java.Gimsh, Agent, Monder, and many others. I have included the Kaspersky report, SuperAntiSpyware report, Panda report, and the HijackThis log. I could not get Malwarebytes to run :)
Thanks in advance!!!

Protection : running
--------------------
Total scanned: 6060
Detected: 29642
Untreated: 0
Attacks blocked: 0
Start time: 2008-06-05 오전 12:24:07
Duration: 00:24:51


Detected
--------
Status Object
------ ------
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.trk File: C:\WINDOWS\system32\efcAQIBQ.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.tro File: C:\WINDOWS\SYSTEM32\XXOVGODN.DLL
deleted: Trojan program Trojan-Downloader.Win32.VB.dck Running module: svchost.exe\svchost.exe
deleted: Trojan program Trojan-Downloader.Win32.VB.dck File: C:\WINDOWS\Fonts\svchost.exe
deleted: adware not-a-virus:AdWare.Win32.CashOn.ao File: c:\program files\shopguide\shpguide9c_c.dll//UPX
deleted: adware not-a-virus:AdWare.Win32.CashOn.ar File: c:\program files\webguide\webguide7a_c.dll//UPX
deleted: Trojan program Trojan.Win32.Pakes.cym File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP741\A0073129.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.trl File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP741\A0073133.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.trp File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP741\A0073134.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.trp File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP742\A0073170.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.tro File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP744\A0073346.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.trk File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP744\A0073349.dll
deleted: adware not-a-virus:AdWare.Win32.CashOn.ao File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP744\A0073364.dll//UPX
deleted: adware not-a-virus:AdWare.Win32.CashOn.ar File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP744\A0073365.dll//UPX
deleted: Trojan program Exploit.Java.Gimsh.b File: C:\Documents and Settings\James Jun\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-396c70dc-1340662a.zip/vmain.class
disinfected: Trojan program Exploit.Java.Gimsh.b File: C:\Documents and Settings\James Jun\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-1e967193.zip
deleted: adware not-a-virus:AdWare.Win32.Agent.vm File: C:\Documents and Settings\James Jun\Local Settings\Temp\tem18.tmp.exe//data0002
deleted: adware not-a-virus:AdWare.Win32.Agent.jb File: C:\Documents and Settings\James Jun\Local Settings\Temp\tem1C.tmp.exe//data0002
deleted: adware not-a-virus:AdWare.Win32.Agent.vm File: C:\Documents and Settings\James Jun\Local Settings\Temp\upd20.tmp.exe
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.trp File: C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\SBCDITM1\kb456456[2]
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.tro File: C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\SBCDITM1\kb516107[1]
deleted: Trojan program Exploit.HTML.CodeBaseExec File: C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\MX3SXK3Q\ysb_downloads_manager[1].htm
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.tsk File: C:\Documents and Settings\test\Local Settings\Temporary Internet Files\Content.IE5\FX5RCJ7O\kb456456[1]
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.tsm File: C:\Documents and Settings\test\Local Settings\Temporary Internet Files\Content.IE5\FX5RCJ7O\kb516107[1]
deleted: adware not-a-virus:AdWare.Win32.Agent.vm File: C:\Program Files\ContextTool\ContextTool-2.dll
deleted: Trojan program Trojan-Downloader.Win32.VB.dck File: C:\WINDOWS\Fonts\a.zip/Setup.exe
deleted: Trojan program Trojan-Downloader.Win32.VB.dck File: C:\WINDOWS\Fonts\Setup.exe
disinfected: Trojan program Trojan-Downloader.Win32.VB.dck File: C:\WINDOWS\Fonts\'\!Easy ScreenSaver Studio 4.0.zip
disinfected: Trojan program Trojan-Downloader.Win32.VB.dck File: C:\WINDOWS\Fonts\'\Zylom Text Express DELUXE v1.4.0.zip
disinfected: Trojan program Trojan-Downloader.Win32.VB.dck File: C:\WINDOWS\Fonts\'\Zylom The legend of El Dorado Deluxe v1.0.zip
disinfected: Trojan program Trojan-Downloader.Win32.VB.dck File: C:\WINDOWS\Fonts\'\ZZZ Capture Flash 1.0.0.zip
disinfected: Trojan program Trojan-Downloader.Win32.VB.dck File: C:\WINDOWS\Fonts\'\ZZZ FLV to AVI Converter 1.xx.zip
disinfected: Trojan program Trojan-Downloader.Win32.VB.dck File: C:\WINDOWS\Fonts\'\[Utilities] Strata Foto 3D.zip
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.trv File: C:\WINDOWS\system32\clxyrqmv.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.tsm File: C:\WINDOWS\system32\fbswyuhk.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.tsm File: C:\WINDOWS\system32\mpqwhuwy.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.tsm File: C:\WINDOWS\system32\nuniskpv.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.trd File: C:\WINDOWS\system32\pgtfcelt.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.tro File: C:\WINDOWS\system32\psgcaofd.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.tsk File: C:\WINDOWS\system32\qmlaglho.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.tro File: C:\WINDOWS\system32\tkeeqjfo.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.trp File: C:\WINDOWS\system32\ukrqicog.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.tsk File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP742\A0073171.dll
deleted: Trojan program Trojan-Downloader.Win32.VB.dck File: c:\windows\fonts\'\a-one dvd to mp3 ripper 4.22.zip/Setup.exe
deleted: Trojan program Trojan-Downloader.Win32.VB.dck File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP744\A0073366.exe
detected: riskware Hidden data sending Running process: C:\WINDOWS\explorer.exe
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.tsk File: C:\WINDOWS\SYSTEM32\RAJKLNAL.DLL
deleted: adware not-a-virus:AdWare.Win32.Agent.vm File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP744\A0073371.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.vqd File: C:\WINDOWS\system32\gexpcrek.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.vqh File: C:\WINDOWS\SYSTEM32\JONSJFBE.DLL
deleted: adware not-a-virus:AdWare.Win32.CashOn.ao File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP746\A0074412.dll//UPX
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.vqf File: C:\DOCUME~1\555\LOCALS~1\Temp\kdxjieci.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.vqf File: C:\Documents and Settings\555\Local Settings\Temporary Internet Files\Content.IE5\SNS5IDUB\kb516107[1]
detected: riskware Hidden data sending Running process: C:\WINDOWS\Explorer.EXE
deleted: Trojan program Trojan.Win32.Monder.le File: C:\Documents and Settings\555\Local Settings\Temporary Internet Files\Content.IE5\6TWLQV2F\kb456456[1]
deleted: Trojan program Trojan.Win32.Monder.le File: C:\Documents and Settings\555\Local Settings\Temp\ovkfnebj.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.wdd File: C:\Documents and Settings\555\Local Settings\Temporary Internet Files\Content.IE5\SNS5IDUB\kb767887[1]
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.wdd File: C:\Documents and Settings\555\Local Settings\Temp\nnrpmgej.dll
detected: adware not-a-virus:AdWare.Win32.Virtumonde.wpv URL: http://62.4.83.200/w...e...E69&rid=mm2
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.wpu File: C:\WINDOWS\system32\egabfyap.dll
blocked: phishing address http://winanonymous.com/* URL: http://winanonymous....i..._4260&rdr=2
blocked: phishing address http://winanonymous.com/* URL: http://winanonymous.com/favicon.ico
deleted: adware not-a-virus:AdWare.Win32.CashOn.ar File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP746\A0074413.dll//UPX
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.tsk File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP746\A0075391.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.wpu File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP747\A0077792.dll
not found: adware not-a-virus:AdWare.Win32.Virtumonde.wpu File: C:\Documents and Settings\555\Local Settings\Temporary Internet Files\Content.IE5\KNC38BC5\kb456456[1]
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.trc File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP740\A0073106.dll
not found: Trojan program Trojan-Downloader.Win32.VB.dck File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP744\A0073372.exe
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.trv File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP744\A0073373.dll
not found: adware not-a-virus:AdWare.Win32.Virtumonde.tsm File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP744\A0073374.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.tsm File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP744\A0073375.dll
not found: adware not-a-virus:AdWare.Win32.Virtumonde.tsm File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP744\A0073376.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.trd File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP744\A0073377.dll
not found: adware not-a-virus:AdWare.Win32.Virtumonde.tro File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP744\A0073378.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.tsk File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP744\A0073379.dll
not found: adware not-a-virus:AdWare.Win32.Virtumonde.tro File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP744\A0073380.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.trp File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP744\A0073381.dll
not found: adware not-a-virus:AdWare.Win32.Virtumonde.vqd File: C:\Documents and Settings\test\Local Settings\Temporary Internet Files\Content.IE5\YGW5JCML\kb456456[1]
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\WINDOWS\system32\ujpfpkck.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\WINDOWS\SYSTEM32\MBMMONET.DLL
not found: Trojan program Trojan.Win32.Monder.gen File: C:\WINDOWS\system32\MBMMONET.DLL.kav
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\WINDOWS\system32\dcmcgfwp.dll
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\WINDOWS\system32\dbuhfpii.dll
not found: Trojan program Trojan.Win32.Monder.gen File: C:\WINDOWS\system32\dbuhfpii.dll.kav
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Documents and Settings\test\Local Settings\Temporary Internet Files\Content.IE5\3ILFG6YK\kb767887[2]
detected: Trojan program Trojan.Win32.Monder.gen URL: http://85.17.166.168...2CD7AEC344C7E69
blocked: phishing address http://winanonymous.com/* URL: http://winanonymous....i..._4260&rdr=2
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\Documents and Settings\test\Local Settings\Temporary Internet Files\Content.IE5\3ILFG6YK\kb456456[1]
detected: Trojan program Trojan.Win32.Monder.gen URL: http://89.188.16.29/...?...E69&rid=mm2
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\DOCUME~1\test\LOCALS~1\Temp\aqbjgelu.dll
blocked: phishing address http://winanonymous.com/* URL: http://winanonymous....i..._4260&rdr=2
deleted: adware not-a-virus:AdWare.Win32.CashOn.ao File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP749\A0078863.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\DOCUMENTS AND SETTINGS\JAMES JUN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\8LGF0ZSV\KB456456[1]
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\DOCUMENTS AND SETTINGS\JAMES JUN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\8LGF0ZSV\KB767887[1]
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.vqh File: C:\DOCUMENTS AND SETTINGS\JAMES JUN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O1KHE7KD\KB516107[2]
deleted: adware not-a-virus:AdWare.Win32.CashOn.ar File: C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP749\A0078864.dll//UPX
deleted: Trojan program Trojan.Win32.Monder.gen File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP749\A0081854.DLL






SUPERAntiSpyware Scan Log
Generated 06/04/2008 at 08:53 PM

Application Version : 3.6.1000

Core Rules Database Version : 3474
Trace Rules Database Version: 1465

Scan type : Complete Scan
Total Scan Time : 02:56:53

Memory items scanned : 418
Memory threats detected : 0
Registry items scanned : 5907
Registry threats detected : 11
File items scanned : 134263
File threats detected : 120

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{0CF5D165-517E-48B6-B3C7-3054A24F8BF6}
HKCR\CLSID\{0CF5D165-517E-48B6-B3C7-3054A24F8BF6}
HKCR\CLSID\{0CF5D165-517E-48B6-B3C7-3054A24F8BF6}\InprocServer32
HKCR\CLSID\{0CF5D165-517E-48B6-B3C7-3054A24F8BF6}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\EFCAQIBQ.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CF5D165-517E-48B6-B3C7-3054A24F8BF6}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{0CF5D165-517E-48B6-B3C7-3054A24F8BF6}
HKCR\CLSID\{0CF5D165-517E-48B6-B3C7-3054A24F8BF6}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP739\A0073086.DLL

Adware.Tracking Cookie

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-1482476501-329068152-725345543-1008\Software\Microsoft\rdfa

Trojan.Unknown Origin
C:\DOCUMENTS AND SETTINGS\JAMES JUN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C7KXMNI1\KB713501[1]
C:\WINDOWS\SYSTEM32\DGPYXJOM.EXE
C:\WINDOWS\SYSTEM32\EUHGWSKH.EXE
C:\WINDOWS\SYSTEM32\FWVYQWMI.EXE
C:\WINDOWS\SYSTEM32\NRACEQVM.EXE
C:\WINDOWS\SYSTEM32\OYSAQVDT.EXE
C:\WINDOWS\SYSTEM32\QAUWDQYM.EXE
C:\WINDOWS\SYSTEM32\TIVBLVHS.EXE
C:\WINDOWS\SYSTEM32\VRPATWWK.EXE
C:\WINDOWS\SYSTEM32\WCUPMXQE.EXE
C:\WINDOWS\SYSTEM32\WYCWBGEG.EXE
C:\WINDOWS\SYSTEM32\XAPCKGWY.EXE
C:\WINDOWS\SYSTEM32\XHNYTKDM.EXE
C:\WINDOWS\SYSTEM32\XKJDOLQU.EXE

Trace.Known Threat Sources
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\C7KXMNI1\i53b_bg1[1].gif
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\SBCDITM1\i53b_icon3[1].gif
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\C7KXMNI1\stats[1].jpg
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\2TUJCPEX\i53b_brd-top-1[1].gif
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\2TUJCPEX\crypt[1].htm
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\C7KXMNI1\i53b_boton2[1].gif
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\C7KXMNI1\i53b_brd-bot-1[1].gif
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\SBCDITM1\i53b_btn-updates[1].gif
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\C7KXMNI1\i53b_icon1[1].gif
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\C7KXMNI1\i53b_btn-overview[1].gif
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\6V65KV63\errorhandler[1].htm
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\2TUJCPEX\i53b_btn-features[1].gif
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\C7KXMNI1\i53b_t1[1].gif
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\2TUJCPEX\i53b_line2[1].gif
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\2TUJCPEX\CAG1AF4X.htm
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\SBCDITM1\i53b_icon5[1].gif
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\6V65KV63\i53b_btn-home[1].gif
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\6V65KV63\i53b_line3[1].gif
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\SBCDITM1\managers[1].htm
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\SBCDITM1\i53b_btn-purchase[1].gif
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\2TUJCPEX\i53b_btn-download[1].gif
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\SBCDITM1\CASDY3GL.htm
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\6V65KV63\CAIZUNUL.htm
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\2TUJCPEX\i53b_boton4[1].gif
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\O1KHE7KD\CARYS371.htm
C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\8LGF0ZSV\CAC1MB4L.htm









;*******************************************************************************
ANALYSIS: 2008-06-05 00:20:21
PROTECTIONS: 2
MALWARE: 63
SUSPECTS: 1
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Avira AntiVir Windows Workstation 0.0.0.0 No No
Kaspersky Internet Security 7.0.1.325 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4ymkg2it.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4ymkg2it.default\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4ymkg2it.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\kvabs16r.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\555\Cookies\[email protected][1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\kvabs16r.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\kvabs16r.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\555\Application Data\Mozilla\Firefox\Profiles\9tlq6kdf.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\555\Application Data\Mozilla\Firefox\Profiles\9tlq6kdf.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\555\Application Data\Mozilla\Firefox\Profiles\9tlq6kdf.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\555\Application Data\Mozilla\Firefox\Profiles\9tlq6kdf.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\555\Application Data\Mozilla\Firefox\Profiles\9tlq6kdf.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\555\Application Data\Mozilla\Firefox\Profiles\9tlq6kdf.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\555\Application Data\Mozilla\Firefox\Profiles\9tlq6kdf.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\kvabs16r.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\kvabs16r.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\555\Application Data\Mozilla\Firefox\Profiles\9tlq6kdf.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\kvabs16r.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\555\Application Data\Mozilla\Firefox\Profiles\9tlq6kdf.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\James Jun\Application Data\Mozilla\Firefox\Profiles\n7lf11n2.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4ymkg2it.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\James Jun\Application Data\Mozilla\Firefox\Profiles\n7lf11n2.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4ymkg2it.default\cookies.txt[.atdmt.com/]

Edited by jsh911119, 11 June 2008 - 08:12 PM.


#2
jsh911119

00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4ymkg2it.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4ymkg2it.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4ymkg2it.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4ymkg2it.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4ymkg2it.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4ymkg2it.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4ymkg2it.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4ymkg2it.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4ymkg2it.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4ymkg2it.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4ymkg2it.default\cookies.txt[.cs.sexcounter.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\555\Application Data\Mozilla\Firefox\Profiles\9tlq6kdf.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\555\Application Data\Mozilla\Firefox\Profiles\9tlq6kdf.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\555\Application Data\Mozilla\Firefox\Profiles\9tlq6kdf.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\555\Application Data\Mozilla\Firefox\Profiles\9tlq6kdf.default\cookies.txt[.adultfriendfinder.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4ymkg2it.default\cookies.txt[.go.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\James Jun\Application Data\Mozilla\Firefox\Profiles\n7lf11n2.default\cookies.txt[searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4ymkg2it.default\cookies.txt[searchportal.information.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\James Jun\Application Data\Mozilla\Firefox\Profiles\n7lf11n2.default\cookies.txt[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\James Jun\Application Data\Mozilla\Firefox\Profiles\n7lf11n2.default\cookies.txt[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\James Jun\Application Data\Mozilla\Firefox\Profiles\n7lf11n2.default\cookies.txt[.did-it.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\kvabs16r.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\4ymkg2it.default\cookies.txt[.atwola.com/]
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\James Jun\Cookies\james [email protected][3].txt
00933087 Generic Trojan Virus/Trojan No 0 No No C:\Documents and Settings\owner\My Documents\Crap\C3PO_V303.rar[C3PO_V303\R2Map.dgl]
01072735 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\owner\My Documents\My Received Files\C3PO_V307.zip[r2map.dgl]
02574762 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\WebGuide\infoband6.dll
02861939 Spyware/Rewardnet Spyware No 0 Yes No C:\Program Files\WebGuide\infoband2.dll
02861943 Spyware/Rewardnet Spyware No 0 Yes No C:\Program Files\WebGuide\infoband3.dll
02965684 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP749\A0081994.dll
02983839 Adware/WebSearch Adware No 0 Yes No C:\WINDOWS\system32\ilgqkcut.dll
02990293 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP756\A0082556.exe
02990293 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP756\A0082554.exe
02990293 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP756\A0082555.exe
02990293 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP756\A0082544.exe
02990293 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP756\A0082545.exe
02990293 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP756\A0082546.exe
02990293 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP756\A0082547.exe
02990293 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP756\A0082548.exe
02990293 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP756\A0082549.exe
02990293 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP756\A0082550.exe
02990293 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP756\A0082551.exe
02990293 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP756\A0082552.exe
02990293 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{FB2DAEDB-FEC4-4398-96BD-AE64087A529C}\RP756\A0082553.exe
02994538 Spyware/Virtumonde Spyware No 1 Yes No C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\O1KHE7KD\kb516107[1]
02994538 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\qvbgfdkd.dll
02994844 Spyware/Virtumonde Spyware No 1 Yes No C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\M5C365M1\kb456456[2]
03007916 Spyware/Virtumonde Spyware No 1 Yes No C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\O1KHE7KD\query[1]
03007916 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\jjyubppn.dll
03007916 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\knxyirwc.dll
03021084 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\ylmkqxfh.dll
03021258 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\uioeudkl.dll
03021258 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\wrvwvneh.dll
03021258 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\James Jun\Local Settings\Temporary Internet Files\Content.IE5\2TUJCPEX\query[2]
03021258 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\kskchaty.dll
;===============================================================================
SUSPECTS
Sent Location ;
;===============================================================================
No C:\PROGRAM FILES\SHOPGUIDE\SHPSV.DLL ;
;===============================================================================
VULNERABILITIES
Id Severity Description ;
;===============================================================================
;===============================================================================






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오전 12:33:45, on 2008-06-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir Workstation\sched.exe
C:\Program Files\AntiVir Workstation\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AntiVir Workstation\avesvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AntiVir Workstation\avgnt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\iPod\bin\iPodService.exe

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir Workstation\avgnt.exe" /min
O4 - HKLM\..\Run: [nProtectPersonal(BasedCode)] C:\Program Files\INCAInternet\nProtectPersonal\BasedCode\nploginv.exe
O4 - HKLM\..\Run: [TempCom] C:\WINDOWS\FONTS\84035.com
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 콘솔 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: 샵가이드 - {EC9679F6-42B7-4593-9E1C-AF421066C123} - http://www.shop-guide.co.kr (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netm...NMStarter23.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} (NPPWebInstallV2 Control) - http://name.siren24....ebInstallV2.cab
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://common.dl.say...Neffy_v1121.cab
O16 - DPF: {10B69FAD-B2F1-4DB0-BBEC-81DCC529F957} (BTWWebClient Control) - http://download.bank...TW-sToolkit.cab
O16 - DPF: {25794D3C-E2F0-40B8-9C11-F38DC1908633} (Maildropfile Control) - http://activexdown.p...aildropfile.cab
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} (INISAFEWeb6 V6 Class) - http://image.cjmall....down/INIS60.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/a...ic_new/nxpm.cab
O16 - DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} (Nps Control) - http://update.nprote...006/kor/nps.cab
O16 - DPF: {4CEC7969-020B-4D48-A631-48108236B732} (Launcher Class) - http://www.accrox.co...cx/NStarter.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {651E4C1D-AEBA-48A8-B2C0-0A0814766379} (File0u File Share Control 2) - http://www.file0u.co...le0uControl.CAB
O16 - DPF: {799BB2EC-572A-42A9-84AD-112806F4F551} (Imweb Control) - http://activexdown.p.../data/imweb.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netm...tX/NMTransX.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netm...ce/kdfense8.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.co...ayctl/sayax.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - https://www.isaackor...ate/ilkactx.cab
O16 - DPF: {BDD22343-1DF0-4983-947F-7604DD9838F8} (MagicController Control) - http://www.champstud...agicSpeeder.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://game1.hangame...anSetup1010.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprote.../module/npx.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co..../KVPISPCTLD.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Windows Workstation MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avmailc.exe
O23 - Service: AntiVir Windows Workstation Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir Workstation\sched.exe
O23 - Service: AntiVir Windows Workstation Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir Workstation\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AntiVir Windows Workstation MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avesvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10255 bytes
  • 0
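A HijackThis log like the one above is normally triaged by looking first at what starts automatically (O4) and at entries whose file is gone. The sketch below is an added example, not part of the thread and not the helper's own method; the rule names, the directory list and the list of system file names are assumptions chosen for illustration, and a flag means "review this entry", not "this is malware".

```python
import ntpath  # Windows path rules, usable on any OS
import re

# The first five lines are copied from the HijackThis log posted above; the
# last one is constructed for this example (it reuses the path that the
# Kaspersky report earlier in the thread listed as deleted).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir Workstation\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TempCom] C:\WINDOWS\FONTS\84035.com
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: 샵가이드 - {EC9679F6-42B7-4593-9E1C-AF421066C123} - http://www.shop-guide.co.kr (file missing)
O4 - HKLM\..\Run: [constructed] C:\WINDOWS\Fonts\svchost.exe
"""

O4_RE = re.compile(r"^O4 - \S+\\Run(?:Once)?: \[(?P<name>.*?)\] (?P<cmd>.+)$")
# Shortest prefix that ends in an executable extension. Simplification: a
# directory named like "foo.com" would cut the path short.
EXE_RE = re.compile(r"(.+?\.(?:exe|com|dll|bat|cmd|scr|pif))\b", re.I)

# Assumed heuristics: folders that hold data rather than programs, and names
# of core Windows processes that belong in system32.
DATA_DIRS = ("\\windows\\fonts\\", "\\temp\\",
             "\\temporary internet files\\", "\\recycler\\")
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "smss.exe", "csrss.exe"}


def target_path(cmd):
    """Return the file an autorun command line actually loads, or None."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path, _, rest = cmd[1:].partition('"')
    else:
        m = EXE_RE.match(cmd)
        if not m:
            return None
        path, rest = m.group(1), cmd[m.end():]
    if ntpath.basename(path).lower() == "rundll32.exe":
        # rundll32 is only the loader; the DLL in its first argument runs.
        m = EXE_RE.match(rest.strip())
        if m:
            path = m.group(1)
    return path


def triage(log_text):
    """Return (reason, line) pairs for entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.endswith("(file missing)"):
            # Registry entry survives, the file it points to does not.
            findings.append(("file-missing", line))
        m = O4_RE.match(line)
        if not m:
            continue
        path = target_path(m.group("cmd"))
        if not path or "\\" not in path:
            continue  # bare file name: location cannot be judged from the log
        folder = ntpath.dirname(path).lower() + "\\"
        base = ntpath.basename(path).lower()
        if any(frag in folder for frag in DATA_DIRS):
            findings.append(("autorun-from-data-dir", line))
        if base in SYSTEM_NAMES and not folder.endswith("\\system32\\"):
            findings.append(("system-name-wrong-dir", line))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"{reason:24} {entry}")
```

Entries that use a bare file name (such as `nwiz.exe`) are skipped on purpose, because the log alone does not say which copy on the search path would run.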

#3
jsh911119

    New Member

  • Topic Starter
  • Member
  • 8 posts
bump

Edited by jsh911119, 11 June 2008 - 08:11 PM.

  • 0

#4
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hello jsh911119 and Welcome to Geeks to Go!

Sorry for the delay. We've been quite busy this week.

After checking your log, I found signs of malware on your system.
Please stick with me until we get you cleaned up. :)


Let's start.

First,

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Then

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next,

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post back with the following logs.

- Vundofix log
- MBAM log
- SuperAntispyware log
  • 0

#5
jsh911119

    New Member

  • Topic Starter
  • Member
  • 8 posts
oh no....
I was running the Vundo remover until the point where the computer reboots
but it did not reboot and still cannot reboot
it says that system32\hal.dll is missing and that it cannot start the windows...
what should I do now?
  • 0

#6
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hello jsh911119,

I am consulting with an expert regarding your situation.
Let's wait for his instructions before proceeding any further.

Sorry for the inconvenience.

koko

Edited by koko_crunch, 16 June 2008 - 06:41 PM.

  • 0

#7
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hello jsh911119,

I'm really sorry for the long wait. Just got the go-ahead from JSntgRvr.
A fix was prepared by him and me, and it had to be double-checked to make sure it was correct.
Got a Windows XP CD? We're going to need it.

Fix by Kelly Theriot MS-MVP(DTS)

You should read this post completely before proceeding with the fix.

Reboot computer with Windows XP cd inserted in your CD-ROM drive.
A message will appear during boot to "Press any key to boot from the CD".
  • After the setup files are finished loading press R to repair using Recovery Console.
  • Choose the installation (usually number 1) that you need to access from the Recovery Console and then press ENTER.
  • Login to the Administrator account by typing the password for this account. If you don't have one leave it blank, then press ENTER.
  • At the recovery console command prompt, type the following command exactly.
Expand <cd-drive>:\i386\hal.dl_ <hd-drive>:\windows\system32\hal.dll
Note: In these two commands, the <cd-drive> represents the drive letter of your CD drive, and the <hd-drive> represents the drive letter of the hard disk on which your Windows XP is installed.
  • If you receive a prompt to overwrite the file, press Y.
  • Type exit, and press ENTER at the command prompt.
  • Once done, type Exit.
  • Reboot your computer and see if it worked.


Let me know how it turns out cause we still have a couple of steps to perform.

Edited by koko_crunch, 19 June 2008 - 06:11 AM.

  • 0

#8
jsh911119

    New Member

  • Topic Starter
  • Member
  • 8 posts
It's no problem I had to wait. Thanks for your help.

I typed the command in but it says that

It is unable to create file hal.dll - 0 files expanded...

---------------------------------------------------
I tried copying the hal instead of expanding it

and now I got Load Needed DLLs for Kernel

I think it's a common problem (search from Google)

but I'm not totally sure what to do next so I'll stop exploring and wait for your reply haha
sorry

Edited by jsh911119, 19 June 2008 - 09:03 PM.

  • 0

#9
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Can you show me what you typed, put it in codebox please.
Did you use a cd with the same type/version as what you have installed on your computer?

Edited by koko_crunch, 20 June 2008 - 01:14 PM.

  • 0

#10
jsh911119

    New Member

  • Topic Starter
  • Member
  • 8 posts
I typed

COPY D:\i386\hal.dl_ D:\windows\system32\hal.dll

I actually could not find my original XP CD so I downloaded and burned one :/
  • 0

#11
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hey I hope you don't mind but let's try this again.
This time note the drive letters.
D is your CD-ROM
C is your hard disk

Let's start.

Fix by Kelly Theriot MS-MVP(DTS)

You should read this post completely before proceeding with the fix.

Reboot computer with Windows XP cd inserted in your CD-ROM drive.
A message will appear during boot to "Press any key to boot from the CD".
  • After the setup files are finished loading press R to repair using Recovery Console.
  • Choose the installation (usually number 1) that you need to access from the Recovery Console and then press ENTER.
  • Login to the Administrator account by typing the password for this account. If you don't have one leave it blank, then press ENTER.
  • At the recovery console command prompt, type the following command exactly.
Expand D:\i386\hal.dl_ C:\windows\system32\hal.dll
  • If you receive a prompt to overwrite the file, press Y.
  • Type exit, and press ENTER at the command prompt.
  • Once done, type Exit.
  • Reboot your computer and see if it worked.

Let me know how it turns out.
  • 0

#12
jsh911119

    New Member

  • Topic Starter
  • Member
  • 8 posts
WOOPS
I'm SOO sorry
I did distinguish C and D when I typed them in (Exactly as it says)
but I just typed it wrong on the reply... Sorry...
anyways I'm still on the screen where it says:
Load Needed DLLs for Kernel
  • 0

#13
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hey jsh911119,

Ok let's proceed. Is your computer a Single processor unit or a Duo/Quad processor unit?
If you don't know don't proceed, we'll jump to the next fix...


But if you know then proceed.

Read this post carefully before performing the fix.

Reboot computer with Windows XP cd inserted in your CD-ROM drive.
A message will appear during boot to "Press any key to boot from the CD".
  • After the setup files are finished loading press R to repair using Recovery Console.
  • Choose the installation (usually number 1) that you need to access from the Recovery Console and then press ENTER.
  • Login to the Administrator account by typing the password for this account. If you don't have one leave it blank, then press ENTER.
  • At the recovery console command prompt, type the following command exactly.
Expand <cd-drive>:\i386\hal.dl_ <hd-drive>:\windows\system32\hal.dll
For Single-Processor systems:
Expand <cd-drive>:\i386\ntoskrnl.ex_ <hd-drive>:\windows\system32\ntoskrnl.exe
For Multi-Processor systems:
Expand <cd-drive>:\i386\ntkrnlmp.ex_ <hd-drive>:\windows\system32\ntoskrnl.exe
Note: In these two commands, the <cd-drive> represents the drive letter of your CD drive, and the <hd-drive> represents the drive letter of the hard disk on which your Windows XP is installed.
  • If you receive a prompt to overwrite the file, press Y.
  • Type exit, and press ENTER at the command prompt.
  • Once done, type Exit.
  • Reboot your computer and see if it worked.

Edited by koko_crunch, 21 June 2008 - 01:16 AM.

  • 0

#14
jsh911119

    New Member

  • Topic Starter
  • Member
  • 8 posts
Sorry I have no idea...

There is a slight problem...
I'm away from my home for a month leaving tomorrow
so I guess this computer has to stay broken for a month :/
It's no problem if I contact you again in a month? haha

#15
koko_crunch


    Trusted Helper

  • Retired Staff
  • 1,751 posts

There is a slight problem...
I'm away from my home for a month leaving tomorrow
so I guess this computer has to stay broken for a month :/
It's no problem if I contact you again in a month? haha


Hold on jsh911119, a few questions and one last try before we leave the next day.
This will surely be helpful/useful in our attempt to recover your system and determine what triggered this.

Please read this completely before proceeding.

First,

Reboot the computer with the Windows XP CD inserted in your CD-ROM drive.
A message will appear during boot to "Press any key to boot from the CD".
  • After the setup files are finished loading press R to repair using Recovery Console.
  • Choose the installation (usually number 1) that you need to access from the Recovery Console and then press ENTER.
  • Log in to the Administrator account by typing the password for this account. If you don't have one leave it blank, then press ENTER.

Question:
When you boot into the Recovery Console, do you end up in C:\ or C:\Windows?

Next, we'll use ERD Commander:

We need a special tool from Microsoft. It's a hefty 64.3 MB download but it's worth the trouble.
Please download & install the Microsoft Diagnostics and Recovery Toolset

Once you have it installed, locate the file:

C:\Program Files\Microsoft Diagnostics and Recovery Toolset\erd50.iso

It's an ISO file which you may burn onto a CD.

Reboot the affected machine with the ISO CD


Posted Image


Posted Image


You will receive the above message. Ignore it & continue


Posted Image


From Desktop, double click on 'My Computer'
Go to C:\Vundofix Backups.

Question:
Is there a Vundofix Backups folder in your system?
If so, please note what folders are there then let me know on your next reply.
Thanks.

Edited by koko_crunch, 21 June 2008 - 11:55 PM.
