
Trojan.Gen.2


38 replies to this topic

#1 charlyle


Posted 04 August 2011 - 12:18 PM

Hi. I need help on trying to remove this Trojan.Gen.2. Also, when I check my task manager, multiples of ping.exe and conhost.exe are running. I tried exterminating them, but they keep returning. Thank you.



#2 jntkwx

  • Malware Response Team

Posted 04 August 2011 - 06:33 PM

Hi charlyle,

Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

Step 1: Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer Log Errors
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go. Please put code boxes around just this entire log, like this, but without the letter x: [xcode] MiniToolBox log [/xcode]

Step 2: Rerun Malwarebytes
Open Malwarebytes, click on the Update tab, and click the check for Updates button.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Step 3: SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from http://www.superantispyware.com/downloads/SASDEFINITIONS.EXE (copy and paste that website address) and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others checked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Home" button to leave the control center screen.
  • Back on the main screen, under "Select Scan Type" click Complete Scan.
  • On the left, make sure you check C:\.
  • Click Start Complete Scan > Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Step 4: Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


In your next reply, please include:
  • Minitoolbox log
  • Malwarebytes log
  • SUPERAntiSpyware log
  • GMER log
  • How's your computer running now?

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 charlyle


Posted 04 August 2011 - 06:51 PM

MiniToolBox by Farbar 

Ran by Thanh Cong (administrator) on 04-08-2011 at 16:46:33

Windows 7 Home Premium Service Pack 1 (X64)



***************************************************************************



========================= IE Proxy Settings: ============================== 



Proxy is not enabled.

No Proxy Server is set.



========================= FF Proxy Settings: ============================== 



"network.proxy.http", "127.0.0.1"

"network.proxy.http_port", 51535

========================= IP Configuration: ================================

The following helper DLL cannot be loaded: WSHELPER.DLL.





# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4



reset

set global icmpredirects=enabled

add route prefix=0.0.0.0/0 interface="ethernet_9" nexthop=5.0.0.1 publish=Yes

add route prefix=0.0.0.0/0 interface="Local Area Connection* 6-QoS Packet Scheduler-0000" nexthop=5.0.0.1 publish=Yes

set interface interface="ethernet_9" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled

set interface interface="Local Area Connection* 6-QoS Packet Scheduler-0000" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled





popd

# End of IPv4 configuration







Windows IP Configuration



   Host Name . . . . . . . . . . . . : ThanhCong-PC

   Primary Dns Suffix  . . . . . . . : 

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

   DNS Suffix Search List. . . . . . : socal.rr.com



Wireless LAN adapter Wireless Network Connection 2:



   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter

   Physical Address. . . . . . . . . : 0C-60-76-7F-C1-87

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes



Wireless LAN adapter Wireless Network Connection:



   Connection-specific DNS Suffix  . : socal.rr.com

   Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN

   Physical Address. . . . . . . . . : 0C-60-76-7F-C1-87

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::7938:84cb:14de:565a%11(Preferred) 

   IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred) 

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Thursday, August 04, 2011 2:38:15 PM

   Lease Expires . . . . . . . . . . : Friday, August 05, 2011 2:38:15 PM

   Default Gateway . . . . . . . . . : 192.168.1.1

   DHCP Server . . . . . . . . . . . : 192.168.1.1

   DHCPv6 IAID . . . . . . . . . . . : 302801014

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-85-31-3D-00-26-22-A6-1B-5F

   DNS Servers . . . . . . . . . . . : 209.18.47.61

                                       209.18.47.62

   NetBIOS over Tcpip. . . . . . . . : Enabled



Ethernet adapter Local Area Connection:



   Connection-specific DNS Suffix  . : socal.rr.com

   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller

   Physical Address. . . . . . . . . : 00-26-22-A6-1B-5F

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::48cf:c433:7a47:d711%10(Preferred) 

   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred) 

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Thursday, August 04, 2011 2:38:04 PM

   Lease Expires . . . . . . . . . . : Friday, August 05, 2011 2:38:04 PM

   Default Gateway . . . . . . . . . : 192.168.1.1

   DHCP Server . . . . . . . . . . . : 192.168.1.1

   DHCPv6 IAID . . . . . . . . . . . : 335553370

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-85-31-3D-00-26-22-A6-1B-5F

   DNS Servers . . . . . . . . . . . : 209.18.47.61

                                       209.18.47.62

   NetBIOS over Tcpip. . . . . . . . : Enabled



Tunnel adapter Reusable ISATAP Interface {80017057-BCA8-48FC-B0B5-AEFA315A18B6}:



   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes



Tunnel adapter isatap.{B3264E70-0712-4EEB-ABD9-207005D16180}:



   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes



Tunnel adapter Local Area Connection* 14:



   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1489:8be:b779:cb1c(Preferred) 

   Link-local IPv6 Address . . . . . : fe80::1489:8be:b779:cb1c%18(Preferred) 

   Default Gateway . . . . . . . . . : ::

   NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter isatap.socal.rr.com:



   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : socal.rr.com

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes



Tunnel adapter Reusable ISATAP Interface {F76A363A-1016-4D71-90A1-3F1DBB3F8A25}:



   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes



Pinging google.com [74.125.224.82] with 32 bytes of data:

Reply from 74.125.224.82: bytes=32 time=25ms TTL=54

Reply from 74.125.224.82: bytes=32 time=23ms TTL=54



Ping statistics for 74.125.224.82:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 23ms, Maximum = 25ms, Average = 24ms



Pinging yahoo.com [67.195.160.76] with 32 bytes of data:

Reply from 67.195.160.76: bytes=32 time=88ms TTL=50

Reply from 67.195.160.76: bytes=32 time=83ms TTL=50



Ping statistics for 67.195.160.76:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 83ms, Maximum = 88ms, Average = 85ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

 14...0c 60 76 7f c1 87 ......Microsoft Virtual WiFi Miniport Adapter

 11...0c 60 76 7f c1 87 ......Broadcom 802.11b/g WLAN

 10...00 26 22 a6 1b 5f ......Realtek PCIe FE Family Controller

  1...........................Software Loopback Interface 1

 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2

 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3

 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4

 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7

===========================================================================



IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.100     20

          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101     30

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      192.168.1.0    255.255.255.0         On-link     192.168.1.100    276

      192.168.1.0    255.255.255.0         On-link     192.168.1.101    286

    192.168.1.100  255.255.255.255         On-link     192.168.1.100    276

    192.168.1.101  255.255.255.255         On-link     192.168.1.101    286

    192.168.1.255  255.255.255.255         On-link     192.168.1.100    276

    192.168.1.255  255.255.255.255         On-link     192.168.1.101    286

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link     192.168.1.100    276

        224.0.0.0        240.0.0.0         On-link     192.168.1.101    286

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link     192.168.1.100    276

  255.255.255.255  255.255.255.255         On-link     192.168.1.101    286

===========================================================================

Persistent Routes:

  Network Address          Netmask  Gateway Address  Metric

          0.0.0.0          0.0.0.0          5.0.0.1  Default 

          0.0.0.0          0.0.0.0          5.0.0.1  Default 

===========================================================================



IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

 18     58 ::/0                     On-link

  1    306 ::1/128                  On-link

 18     58 2001::/32                On-link

 18    306 2001:0:4137:9e76:1489:8be:b779:cb1c/128

                                    On-link

 10    276 fe80::/64                On-link

 11    286 fe80::/64                On-link

 18    306 fe80::/64                On-link

 18    306 fe80::1489:8be:b779:cb1c/128

                                    On-link

 10    276 fe80::48cf:c433:7a47:d711/128

                                    On-link

 11    286 fe80::7938:84cb:14de:565a/128

                                    On-link

  1    306 ff00::/8                 On-link

 18    306 ff00::/8                 On-link

 10    276 ff00::/8                 On-link

 11    286 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None



========================= Event log errors: ===============================



Application errors:

==================

Error: (08/01/2011 08:07:04 AM) (Source: Application Error) (User: )

Description: Faulting application name: LolClient.exe, version: 2.0.2.12610, time stamp: 0x4c00573a

Faulting module name: Adobe AIR.dll, version: 2.5.0.16600, time stamp: 0x4ca30e16

Exception code: 0xc0000005

Fault offset: 0x000121da

Faulting process id: 0x1180

Faulting application start time: 0xLolClient.exe0

Faulting application path: LolClient.exe1

Faulting module path: LolClient.exe2

Report Id: LolClient.exe3



Error: (07/30/2011 08:04:07 AM) (Source: Application Error) (User: )

Description: Faulting application name: LolClient.exe, version: 2.0.2.12610, time stamp: 0x4c00573a

Faulting module name: Adobe AIR.dll, version: 2.5.0.16600, time stamp: 0x4ca30e16

Exception code: 0xc0000005

Fault offset: 0x000121da

Faulting process id: 0x7e8

Faulting application start time: 0xLolClient.exe0

Faulting application path: LolClient.exe1

Faulting module path: LolClient.exe2

Report Id: LolClient.exe3



Error: (07/29/2011 04:39:22 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.



Error: (07/29/2011 04:08:48 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.



Error: (07/29/2011 03:58:46 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.



Error: (07/29/2011 03:48:39 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.



Error: (07/29/2011 03:36:44 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.



Error: (07/29/2011 03:26:14 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.



Error: (07/29/2011 03:10:51 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.



Error: (07/29/2011 02:52:23 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.





System errors:

=============

Error: (08/04/2011 02:38:04 PM) (Source: Service Control Manager) (User: )

Description: The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: 

%%183



Error: (08/04/2011 02:38:04 PM) (Source: Service Control Manager) (User: )

Description: The Windows Firewall Authorization Driver service failed to start due to the following error: 

%%183



Error: (08/04/2011 00:28:48 PM) (Source: Service Control Manager) (User: )

Description: The Audio Service service terminated unexpectedly.  It has done this 1 time(s).



Error: (08/04/2011 11:17:53 AM) (Source: Service Control Manager) (User: )

Description: The NPPTNT2 service failed to start due to the following error: 

%%2



Error: (08/04/2011 11:17:46 AM) (Source: Application Popup) (User: )

Description: \??\C:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.



Error: (08/04/2011 11:15:35 AM) (Source: Service Control Manager) (User: )

Description: The NPPTNT2 service failed to start due to the following error: 

%%2



Error: (08/04/2011 11:15:27 AM) (Source: Application Popup) (User: )

Description: \??\C:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.



Error: (08/04/2011 11:10:55 AM) (Source: Service Control Manager) (User: )

Description: The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: 

%%183



Error: (08/04/2011 11:10:55 AM) (Source: Service Control Manager) (User: )

Description: The Windows Firewall Authorization Driver service failed to start due to the following error: 

%%183



Error: (08/04/2011 11:09:47 AM) (Source: Service Control Manager) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: 

%%1056





Microsoft Office Sessions:

=========================



=========================== Installed Programs ============================



 Update for Microsoft Office 2007 (KB2508958)

µTorrent (Version: 2.2.1)

18 Wheels of Steel: Haulin'  (Version: )

Acrobat.com (Version: 1.6.65)

Activate Norton Online Backup (Version: 1.1.20.0)

Adobe AIR (Version: 1.5.0.7220)

Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)

Adobe Flash Player 10 Plugin (Version: 10.2.159.1)

Adobe Photoshop 7.0 (Version: 7.0)

Adobe Reader 9.1 MUI (Version: 9.1.0)

Adobe Shockwave Player 11.5 (Version: 11.5.9.620)

AIM 7

Alps Touch Pad Driver

AnalogX POW!

Ask Toolbar (Version: 1.11.3.0)

Atomic RAR Password Recovery 1.20 (Version: 1.20)

BitTorrent (Version: 7.2.1)

Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)

CCleaner (Version: 2.27)

Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)

D3DX10 (Version: 15.4.2368.0902)

Dogpile Bundle Toolbar (Version: 1.514)

Download Updater (AOL LLC)

ENE CIR Receiver Driver (Version: 2.7.3.519)

ESET Online Scanner v3

Fraps (remove only)

FrostWire 4.20.5 (Version: 4.20.5.0)

Google Chrome (Version: 13.0.782.107)

Google Toolbar for Internet Explorer (Version: 1.0.0)

Google Toolbar for Internet Explorer (Version: 7.1.1920.1238)

Google Update Helper (Version: 1.3.21.57)

Homepage Protection (Version: )

HP 3D DriveGuard (Version: 4.0.3.1)

HP Advisor (Version: 3.2.8946.3086)

HP Customer Experience Enhancements (Version: 6.0.1.3)

HP Games (Version: 1.0.0.71)

HP MediaSmart DVD (Version: 3.0.3123)

HP MediaSmart Internet TV (Version: 3.0.1916)

HP MediaSmart Live TV (Version: 3.0.1924)

HP MediaSmart Movie Themes (Version: 3.0.3102)

HP MediaSmart Music/Photo/Video (Version: 3.0.3123)

HP MediaSmart SlingPlayer (Version: 2.1.1.60)

HP MediaSmart SmartMenu (Version: 3.0.30.1)

HP MediaSmart Software Notebook Demo (Version: 1.00.0000)

HP MediaSmart Webcam (Version: 3.0.1913)

HP Quick Launch Buttons (Version: 6.50.17.1)

HP Setup (Version: 1.2.3220.3079)

HP Smart Web Printing (Version: 131.1.35898)

HP Support Assistant (Version: 5.1.10.7)

HP Update (Version: 5.001.000.014)

HP User Guides 0146 (Version: 1.02.0002)

HP Wireless Assistant (Version: 3.50.12.1)

IDT Audio (Version: 1.0.6225.0)

ijji REACTOR (Version: 1.00.0000)

Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2082)

Internet TV for Windows Media Center (Version: 3.2.1.0)

Java Auto Updater (Version: 2.0.5.1)

Java(TM) 6 Update 18 (64-bit) (Version: 6.0.180)

Java(TM) 6 Update 26 (Version: 6.0.260)

Java(TM) SE Development Kit 6 Update 18 (64-bit) (Version: 1.6.0.180)

Java(TM) SE Development Kit 6 Update 18 (Version: 1.6.0.180)

JMicron Flash Media Controller Driver (Version: 1.0.32.1)

Junk Mail filter update (Version: 15.4.3502.0922)

League of Legends (Version: 1.3)

LightScribe System Software (Version: 1.18.16.1)

LSI HDA Modem (Version: 2.2.97)

Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)

MapleStory

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Live Search Toolbar (Version: 3.0.560.0)

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)

Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)

Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)

Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)

Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)

Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)

Microsoft Silverlight (Version: 4.0.60531.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Works (Version: 9.7.0621)

Minecraft Beta Cracked

Mozilla Firefox 5.0.1 (x86 en-US) (Version: 5.0.1)

MSVCRT (Version: 15.4.2862.0708)

MSVCRT Redists (Version: 1.0)

MSVCRT_amd64 (Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Nexon Game Manager

Norton 360 (Version: 4.3.0.5)

Pando Media Booster (Version: 2.3.5.2)

PowerRecover (Version: 5.5.1923)

QLBCASL (Version: 6.40.17.2)

Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0005)

RS2Bot (Version: 1.3.0)

Shop to Win 8 (Version: 1.011)

SlingBoxWatchYourTVAnyWhere (Version: 2.1.1.58)

Soldier Front (Version: 1.00.787)

Spybot - Search & Destroy (Version: 1.6.2)

swagbar3.0 Toolbar (Version: )

System Requirements Lab CYRI (Version: 4.4.21.0)

TeamViewer 6 (Version: 6.0.9947)

UniKey 4.0 (Version: 4.0)

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2509470)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2553975)

Vegas Pro 10.0 (Version: 10.0.669)

Ventrilo Client (Version: 3.0.8)

Ventrilo Server (Version: 3.0.3)

Wild Tangent - Fate

WildGames (Version: 1.0.0.62)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3508.1109)

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3508.1109)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Messenger (Version: 15.4.3502.0922)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

Windows Movie Maker 2.6 (Version: 2.6.4037.0)

WinRAR archiver

Xfire (remove only)

Yahoo! Detect



========================= Memory info: ===================================



Percentage of memory in use: 51%

Total physical RAM: 3998.96 MB

Available physical RAM: 1950.27 MB

Total Pagefile: 7996.12 MB

Available Pagefile: 5810.52 MB

Total Virtual: 4095.88 MB

Available Virtual: 3976.38 MB



========================= Partitions: =====================================



1 Drive c: () (Fixed) (Total:282.08 GB) (Free:202.45 GB) NTFS

2 Drive d: (RECOVERY) (Fixed) (Total:15.82 GB) (Free:2.59 GB) NTFS



========================= Users: ========================================



User accounts for \\THANHCONG-PC



Administrator            Guest                    Thanh Cong               





== End of log == 



#4 charlyle

Posted 04 August 2011 - 08:16 PM

Model: HP Pavilion dv4 Notebook PC
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Installed memory(RAM): 4.00 GB
System type: 64-bit Operating System

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7379

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

8/4/2011 6:15:51 PM
mbam-log-2011-08-04 (18-15-51).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 472946
Time elapsed: 1 hour(s), 26 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 jntkwx

Posted 04 August 2011 - 08:23 PM

Looking good. :thumbup2: Please continue with steps 3 and 4 from my first post.
Regards,
Jason

 



#6 charlyle

Posted 04 August 2011 - 09:28 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/04/2011 at 07:20 PM

Application Version : 5.0.1108

Core Rules Database Version : 7515
Trace Rules Database Version: 5327

Scan type : Complete Scan
Total Scan Time : 00:57:45

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 579
Memory threats detected : 0
Registry items scanned : 73820
Registry threats detected : 0
File items scanned : 99071
File threats detected : 274

Rogue.MSE-Fraud
C:\Users\Thanh Cong\AppData\Roaming\install

Adware.Tracking Cookie
s0.2mdn.net [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\T68M8KBD ]
secure-uk.imrworldwide.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\T68M8KBD ]
secure-us.imrworldwide.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\T68M8KBD ]
sftrack.searchforce.net [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\T68M8KBD ]

#7 charlyle

charlyle
  • Topic Starter

  • Members
  • 33 posts

Posted 04 August 2011 - 09:59 PM

I didn't get any log for GMER, but I think it said nothing was changed.

#8 charlyle

charlyle
  • Topic Starter

  • Members
  • 33 posts

Posted 04 August 2011 - 10:11 PM

Sorry, I'm still getting the Auto-Protect from Trojan.gen.2 pop up.

#9 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts

Posted 04 August 2011 - 10:13 PM

Hi charlyle,

I assume Norton is popping up with Auto-Protect for Trojan.Gen.2? Does Norton tell you what file is infected?

Please download SystemLook and save it to your Desktop.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    ping.exe
    conhost.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Regards,
Jason

 



#10 charlyle

charlyle
  • Topic Starter

  • Members
  • 33 posts

Posted 05 August 2011 - 12:24 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 22:19 on 04/08/2011 by Thanh Cong
Administrator - Elevation successful

========== filefind ==========

Searching for "ping.exe"
C:\Windows\System32\PING.EXE --a---- 16896 bytes [00:10 14/07/2009] [01:39 14/07/2009] 5FB30FE90736C7FC77DE637021B1CE7C
C:\Windows\system64\PING.EXE --a---- 16896 bytes [00:10 14/07/2009] [01:39 14/07/2009] 5FB30FE90736C7FC77DE637021B1CE7C
C:\Windows\SysWOW64\PING.EXE --a---- 15360 bytes [23:55 13/07/2009] [01:14 14/07/2009] 6242E3D67787CCBF4E06AD2982853144
C:\Windows\winsxs\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_6.1.7600.16385_none_052696aea98bcefc\PING.EXE --a---- 16896 bytes [00:10 14/07/2009] [01:39 14/07/2009] 5FB30FE90736C7FC77DE637021B1CE7C
C:\Windows\winsxs\x86_microsoft-windows-ping-utilities_31bf3856ad364e35_6.1.7600.16385_none_a907fb2af12e5dc6\PING.EXE --a---- 15360 bytes [23:55 13/07/2009] [01:14 14/07/2009] 6242E3D67787CCBF4E06AD2982853144

Searching for "conhost.exe"
C:\Windows\System32\conhost.exe --a---- 338944 bytes [19:27 12/07/2011] [06:53 03/06/2011] 0781B335C421A785520037365897F1BF
C:\Windows\system64\conhost.exe --a---- 338944 bytes [19:27 12/07/2011] [06:53 03/06/2011] 0781B335C421A785520037365897F1BF
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7600.16385_none_d050b8f81bcacc5a\conhost.exe --a---- 338432 bytes [23:38 13/07/2009] [01:39 14/07/2009] F64E8258351E501AA065AC499530367C
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7600.16816_none_d09d72341b9113dd\conhost.exe --a---- 338944 bytes [19:28 12/07/2011] [07:32 14/05/2011] 4E61A3EDD4F8B6B8278C54E15A5EEF34
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7600.16823_none_d08fa16a1b9be3c9\conhost.exe --a---- 338944 bytes [19:27 12/07/2011] [06:35 02/06/2011] DD2CE830345301D6817B9C4646E90D15
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7600.20978_none_d0e8300b34dd8dfb\conhost.exe --a---- 338944 bytes [19:27 12/07/2011] [06:50 03/06/2011] 410D122273D8B4B6282D2B555EF064F7
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17514_none_d281ccc018b94ff4\conhost.exe --a---- 337920 bytes [05:17 01/07/2011] [13:24 20/11/2010] BD51024FB014064BC9FE8C715C18392F
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17617_none_d284cf8418b69920\conhost.exe --a---- 338432 bytes [19:28 12/07/2011] [07:16 14/05/2011] 28B04ED2C7F75723B1B4FC490F8A20D4
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17625_none_d277ff0418c08263\conhost.exe --a---- 338944 bytes [19:27 12/07/2011] [06:53 03/06/2011] 0781B335C421A785520037365897F1BF
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.21728_none_d3049cad31db6e32\conhost.exe --a---- 338432 bytes [19:28 12/07/2011] [07:09 14/05/2011] 5B738B95803CF1FD00CD8C5477DFBEAE
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.21738_none_d2f9ccc131e38a23\conhost.exe --a---- 338944 bytes [19:27 12/07/2011] [06:52 03/06/2011] 13A1C354D7DB71A4CD7DA8EB4C760DAE

-= EOF =-

#11 charlyle

charlyle
  • Topic Starter

  • Members
  • 33 posts

Posted 05 August 2011 - 12:42 AM

Norton said activity happens in here - File: c:\windows\assembly\tmp\@.dlw

#12 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts

Posted 05 August 2011 - 09:31 AM

Hi charlyle,

ping.exe and conhost.exe are located in the correct locations, and appear to be the correct files, so I am not sure why you have multiples of them running in the task manager.

Step 1: Rerun SystemLook
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    c:\windows\assembly\tmp\ /md5
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif
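
The comparison behind the reply above, as an added example that is not part of the original thread: it parses SystemLook `:filefind` lines and reports, for each copy outside winsxs, which winsxs component versions share its size and MD5. The log lines are a subset copied from reply #10; the function names and the reading of the winsxs folder name as carrying a version field are assumptions of this example.

```python
import re
from collections import defaultdict

# Subset of the :filefind log from reply #10 of this thread, copied verbatim.
LOG = r"""
C:\Windows\System32\PING.EXE --a---- 16896 bytes [00:10 14/07/2009] [01:39 14/07/2009] 5FB30FE90736C7FC77DE637021B1CE7C
C:\Windows\SysWOW64\PING.EXE --a---- 15360 bytes [23:55 13/07/2009] [01:14 14/07/2009] 6242E3D67787CCBF4E06AD2982853144
C:\Windows\winsxs\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_6.1.7600.16385_none_052696aea98bcefc\PING.EXE --a---- 16896 bytes [00:10 14/07/2009] [01:39 14/07/2009] 5FB30FE90736C7FC77DE637021B1CE7C
C:\Windows\winsxs\x86_microsoft-windows-ping-utilities_31bf3856ad364e35_6.1.7600.16385_none_a907fb2af12e5dc6\PING.EXE --a---- 15360 bytes [23:55 13/07/2009] [01:14 14/07/2009] 6242E3D67787CCBF4E06AD2982853144
C:\Windows\System32\conhost.exe --a---- 338944 bytes [19:27 12/07/2011] [06:53 03/06/2011] 0781B335C421A785520037365897F1BF
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17514_none_d281ccc018b94ff4\conhost.exe --a---- 337920 bytes [05:17 01/07/2011] [13:24 20/11/2010] BD51024FB014064BC9FE8C715C18392F
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17625_none_d277ff0418c08263\conhost.exe --a---- 338944 bytes [19:27 12/07/2011] [06:53 03/06/2011] 0781B335C421A785520037365897F1BF
C:\Windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.21738_none_d2f9ccc131e38a23\conhost.exe --a---- 338944 bytes [19:27 12/07/2011] [06:52 03/06/2011] 13A1C354D7DB71A4CD7DA8EB4C760DAE
"""

# path, 7-character attribute field, size, created, modified, MD5
ENTRY = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$")
# Assumption: a winsxs folder name carries the component version between underscores.
VERSION = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")


def parse(log):
    """Return one dict per file line; headers and blank lines are skipped."""
    return [m.groupdict() for m in map(ENTRY.match, log.splitlines()) if m]


def check_against_winsxs(log):
    """Map each non-winsxs path to the winsxs versions sharing its (size, MD5).

    An empty list means no component-store copy in the log matches that file."""
    entries = parse(log)
    store = defaultdict(list)
    for e in entries:
        if "\\winsxs\\" in e["path"].lower():
            v = VERSION.search(e["path"])
            store[(e["size"], e["md5"].upper())].append(v.group(1) if v else "?")
    return {e["path"]: sorted(store.get((e["size"], e["md5"].upper()), []))
            for e in entries if "\\winsxs\\" not in e["path"].lower()}


if __name__ == "__main__":
    for path, versions in check_against_winsxs(LOG).items():
        print(path, "->", versions or "NO MATCH in winsxs")
```

A match shows the active file is consistent with a copy in the local component store; both copies come from the same machine, so it is not an independent check.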


#13 charlyle

charlyle
  • Topic Starter

  • Members
  • 33 posts

Posted 05 August 2011 - 09:50 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 07:49 on 05/08/2011 by Thanh Cong
Administrator - Elevation successful

========== dir ==========

c:\windows\assembly\tmp - Parameters: "/md5"

---Files---
@.dll --a---- 34304 bytes [14:41 05/08/2011] [14:41 05/08/2011] B186DECE77CF0E7B62F51CA67FF0596D
bckfg.tmp --a---- 829 bytes [21:59 25/07/2011] [14:40 05/08/2011] 2752334016AAB8C07D800BF817C90E80
cfg.ini --a---- 224 bytes [21:56 25/07/2011] [13:25 05/08/2011] 3DD50753239370E15DAD46D3E5DB6978
keywords --a---- 0 bytes [05:23 26/07/2011] [17:53 29/07/2011] D41D8CD98F00B204E9800998ECF8427E
lsflt7.ver --a---- 5176 bytes [05:26 26/07/2011] [14:40 05/08/2011] 0CF86F792D9EBB6671BB877E9DFA8424
{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} --a---- 2048 bytes [21:53 25/07/2011] [21:53 25/07/2011] 7FD3BDECD985FFEE6ACFF793027A456E

---Folders---
U d------ [21:53 25/07/2011]

-= EOF =-

#14 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts

Posted 05 August 2011 - 09:55 AM

Step 1: Rerun SystemLook once more
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    c:\windows\assembly\tmp /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Regards,
Jason

 



#15 charlyle

charlyle
  • Topic Starter

  • Members
  • 33 posts

Posted 05 August 2011 - 10:00 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 08:00 on 05/08/2011 by Thanh Cong
Administrator - Elevation successful

========== dir ==========

c:\windows\assembly\tmp - Parameters: "/s"

---Files---
@.dll --a---- 34304 bytes [14:56 05/08/2011] [14:56 05/08/2011]
bckfg.tmp --a---- 829 bytes [21:59 25/07/2011] [14:40 05/08/2011]
cfg.ini --a---- 224 bytes [21:56 25/07/2011] [13:25 05/08/2011]
keywords --a---- 0 bytes [05:23 26/07/2011] [17:53 29/07/2011]
lsflt7.ver --a---- 5176 bytes [05:26 26/07/2011] [14:40 05/08/2011]
{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} --a---- 2048 bytes [21:53 25/07/2011] [21:53 25/07/2011]

c:\windows\assembly\tmp\U d------ [21:53 25/07/2011]

-= EOF =-



