thecoolpics.net - pllss.. help me...

Unread postby sundara » August 5th, 2007, 1:37 am

hi,

First of all, sorry - I couldn't reply immediately.

Avast is not cleaning new folder.exe. That's why I installed AVG, and it's finding and cleaning this.

Following is my ComboFix log

"Administrator" - 2007-08-05 10:50:25 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-07-05 to 2007-08-05 )))))))))))))))))))))))))))))))


2007-08-01 18:19 <DIR> d-------- E:\!KillBox
2007-07-30 19:36 <DIR> d-------- E:\DOCUME~1\ADMINI~1\APPLIC~1\.purple
2007-07-30 19:32 <DIR> d-------- E:\Program Files\Aspell
2007-07-30 19:30 <DIR> d-------- E:\Program Files\Pidgin
2007-07-24 20:13 26,112 --a------ E:\WINDOWS\system32\nircmd.exe
2007-07-23 16:34 20,992 --a------ E:\WINDOWS\system32\drivers\RTL8139.sys
2007-07-23 15:59 <DIR> d-------- E:\Macromedia Flash MX 6
2007-07-23 14:25 51,200 --a------ E:\WINDOWS\nircmd.exe
2007-07-21 18:17 <DIR> d-------- E:\Program Files\Common Files\Crystal Decisions
2007-07-21 15:40 <DIR> d-------- E:\Program Files\LGGSM
2007-07-21 10:04 <DIR> d-------- E:\bfu
2007-07-19 10:20 <DIR> d-------- E:\DOCUME~1\ADMINI~1\APPLIC~1\HP
2007-07-18 15:29 <DIR> drahs---- E:\autorun.inf
2007-07-18 12:27 <DIR> d-------- E:\VundoFix Backups
2007-07-16 14:37 <DIR> d-------- E:\WINDOWS\ERUNT
2007-07-14 18:49 <DIR> d-------- E:\Program Files\SUPERAntiSpyware
2007-07-14 18:49 <DIR> d-------- E:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-14 18:49 <DIR> d-------- E:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-14 15:41 <DIR> d-------- E:\Temp\ClnExtor
2007-07-14 11:00 <DIR> d-------- E:\Program Files\Trend Micro
2007-07-13 20:41 <DIR> d-------- E:\DOCUME~1\ADMINI~1\.housecall6.6
2007-07-13 18:19 <DIR> d-------- E:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-04 09:46:11 -------- d-----w E:\DOCUME~1\ADMINI~1\APPLIC~1\.purple
2007-08-02 04:24:21 -------- d-----w E:\Program Files\Mozilla Thunderbird
2007-07-31 02:51:40 -------- d-----w E:\DOCUME~1\ADMINI~1\APPLIC~1\gtk-2.0
2007-07-30 14:06:39 -------- d-----w E:\DOCUME~1\ADMINI~1\APPLIC~1\.gaim
2007-07-21 10:10:05 -------- d--h--w E:\Program Files\InstallShield Installation Information
2007-07-18 09:50:00 -------- d-----w E:\Program Files\FlashGet
2007-07-09 12:22:16 -------- d-----w E:\Program Files\Google
2007-07-04 05:13:11 -------- d-----w E:\DOCUME~1\ADMINI~1\APPLIC~1\U3
2007-06-23 12:57:15 -------- d-----w E:\Program Files\UltraVNC
2007-06-22 13:52:08 -------- d-----w E:\Program Files\Kundli
2007-06-16 14:08:48 -------- d-----w E:\Program Files\7-Zip
2007-06-12 14:15:57 335 ----a-w E:\WINDOWS\nsreg.dat
2007-06-12 14:15:33 14,150 ----a-w E:\WINDOWS\mozver.dat
2007-06-12 14:15:33 118,784 ----a-w E:\WINDOWS\SeaMonkeyUninstall.exe
2007-06-12 14:15:10 118,784 ----a-w E:\WINDOWS\GREUninstall.exe
2007-06-12 14:14:08 -------- d-----w E:\Program Files\mozilla.org
2007-05-16 15:12:02 683,520 ----a-w E:\WINDOWS\system32\inetcomm.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-04-25 06:23 E:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-21 17:45]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"AVG7_CC"="E:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-03 13:01]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:37]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32]
winrkp32.dll

R0 IdeBusDr;IdeBusDr;E:\WINDOWS\system32\DRIVERS\IdeBusDr.sys
R0 IdeChnDr;Intel(R) Ultra ATA Controller;E:\WINDOWS\system32\DRIVERS\IdeChnDr.sys
R2 IISADMIN;IIS Admin;E:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 MSMQ;Message Queuing;E:\WINDOWS\system32\mqsvc.exe
R2 MSMQTriggers;Message Queuing Triggers;E:\WINDOWS\system32\mqtgsvc.exe
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);E:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 SNMP;SNMP Service;E:\WINDOWS\System32\snmp.exe
R2 W3SVC;World Wide Web Publishing;E:\WINDOWS\system32\inetsrv\inetinfo.exe
R3 E100B;Intel(R) PRO Adapter Driver;E:\WINDOWS\system32\DRIVERS\e100b325.sys
R3 MQAC;Message Queuing access control;\??\E:\WINDOWS\system32\drivers\mqac.sys
R3 mssmbios;Microsoft System Management BIOS Driver;E:\WINDOWS\system32\DRIVERS\mssmbios.sys
R3 PptpMiniport;WAN Miniport (PPTP);E:\WINDOWS\system32\DRIVERS\raspptp.sys
R3 RasPppoe;Remote Access PPPOE Driver;E:\WINDOWS\system32\DRIVERS\raspppoe.sys
R3 Raspti;Direct Parallel;E:\WINDOWS\system32\DRIVERS\raspti.sys
R3 RMCAST;Reliable Multicast Protocol driver;\??\E:\WINDOWS\system32\drivers\RMCast.sys
R3 ROOTMODEM;Microsoft Legacy Modem Driver;E:\WINDOWS\system32\Drivers\RootMdm.sys
R3 SMBios;Intel (R) System Management BIOS Service;E:\WINDOWS\system32\DRIVERS\SMBios.sys
S3 LMImirr;LMImirr;E:\WINDOWS\system32\DRIVERS\LMImirr.sys
S3 SNMPTRAP;SNMP Trap Service;E:\WINDOWS\System32\snmptrap.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{347867a2-8fe1-11db-99da-0011119f8d04}]
Auto\command- boot.exe
AutoRun\command- E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{448a3dc0-39d5-11dc-914a-0011119f8d04}]
AutoRun\command- E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c39d12e-2473-11dc-910a-0011119f8d04}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c39d12f-2473-11dc-910a-0011119f8d04}]
Auto\command- H:\boot.exe
AutoRun\command- E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c4dd525-ec9e-11db-908a-0011119f8d04}]
Auto\command- boot.exe
AutoRun\command- E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fd5f5e1-88e3-11db-99c6-0011119f8d04}]
Auto\command- boot.exe
AutoRun\command- E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{547a3917-869e-11db-99c2-0011119f8d04}]
AutoRun\command- RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cac29d4-9243-11db-99e1-0011119f8d04}]
Auto\command- G:\boot.exe
AutoRun\command- E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{647f1e61-416f-11dc-915b-0011119f8d04}]
Auto\command- sal.xls.exe
AutoRun\command- E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f654f64-e0d7-11db-9073-0011119f8d04}]
Auto\command- boot.exe
AutoRun\command- E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cca81ae-3c50-11dc-9151-0011119f8d04}]
AutoRun\command- .\Recycled\Desktop.exe
Open\Command- .\Recycled\Desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e6d27ca-6d72-11db-9994-0011119f8d04}]
AutoRun\command- E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Sys.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{deeebc6e-d37b-11db-9a7f-0011119f8d04}]
Auto\command- boot.exe
AutoRun\command- E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe


Contents of the 'Scheduled Tasks' folder
2007-08-01 08:00:24 E:\WINDOWS\tasks\local pay.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-05 10:53:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-05 10:54:59
E:\ComboFix-quarantined-files.txt ... 2007-08-05 10:54
E:\ComboFix2.txt ... 2007-07-23 14:29

--- E O F ---


Find HJT below

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:52 AM, on 05/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\WINDOWS\system32\ctfmon.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\WINDOWS\system32\inetsrv\inetinfo.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\WINDOWS\System32\snmp.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\mqsvc.exe
E:\WINDOWS\system32\mqtgsvc.exe
E:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
E:\WINDOWS\system32\dllhost.exe
E:\WINDOWS\system32\inetsrv\DavCData.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Trend Micro\HijackThis\dumb.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.183.*;afcons.in;afcons.com;192.168.157.*;10.0.0.*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Gtk+
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.kumudam.com/wfplayer/tdserver.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = chenab
O17 - HKLM\Software\..\Telephony: DomainName = chenab
O17 - HKLM\System\CCS\Services\Tcpip\..\{021E1F74-6113-45C0-ACB9-CA4B0022C899}: NameServer = 202.56.250.5,202.56.250.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{62790E7F-B559-45A2-AB0F-F90506FD1355}: NameServer = 10.0.0.1,202.134.192.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = chenab
O17 - HKLM\System\CS1\Services\Tcpip\..\{021E1F74-6113-45C0-ACB9-CA4B0022C899}: NameServer = 202.56.250.5,202.56.250.6
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = chenab
O17 - HKLM\System\CS2\Services\Tcpip\..\{021E1F74-6113-45C0-ACB9-CA4B0022C899}: NameServer = 202.56.250.5,202.56.250.6
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5647 bytes


I still feel slowness in my PC. If you find any annoying software on my PC, kindly let me know.
sundara
Active Member
 
Posts: 10
Joined: July 14th, 2007, 11:19 am
Location: Jammu

Unread postby ndmmxiaomayi » August 5th, 2007, 10:17 am

Hello sundara,

Please delete your current copy of Combofix and download the latest copy of Combofix from Tech Support Forum or Bleeping Computer and save it to your desktop.

Please copy and paste the following in the Code box into Notepad. Do not use any text editors as it will not work.

Code:
Folder::
E:\Temp\ClnExtor

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{347867a2-8fe1-11db-99da-0011119f8d04}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{448a3dc0-39d5-11dc-914a-0011119f8d04}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c39d12f-2473-11dc-910a-0011119f8d04}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c4dd525-ec9e-11db-908a-0011119f8d04}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fd5f5e1-88e3-11db-99c6-0011119f8d04}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{547a3917-869e-11db-99c2-0011119f8d04}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cac29d4-9243-11db-99e1-0011119f8d04}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{647f1e61-416f-11dc-915b-0011119f8d04}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f654f64-e0d7-11db-9073-0011119f8d04}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cca81ae-3c50-11dc-9151-0011119f8d04}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e6d27ca-6d72-11db-9994-0011119f8d04}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{deeebc6e-d37b-11db-9a7f-0011119f8d04}]


Click on File > Save As.

In the File Name field, copy and paste in CFScript.txt

Click Save.

Note: Do not change the file name.

Drag CFScript.txt into Combofix. Please see the picture below:

Image

Once done, a Combofix log will be produced. Please post this Combofix log as well as a new HijackThis log in your next reply.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am
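
A sketch of how the MountPoints2 section of a ComboFix log like the one above can be triaged, added here as an example; it is not ComboFix's or the helper's own logic. The three heuristics and the `DECOY_EXTS` list are assumptions: every key they flag in this excerpt is one the CFScript above removes, and the two `LaunchU3.exe` entries are left alone.

```python
import re

# Excerpt copied from the mountpoints2 part of the first ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{448a3dc0-39d5-11dc-914a-0011119f8d04}]
AutoRun\command- E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c39d12e-2473-11dc-910a-0011119f8d04}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c39d12f-2473-11dc-910a-0011119f8d04}]
Auto\command- H:\boot.exe
AutoRun\command- E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{547a3917-869e-11db-99c2-0011119f8d04}]
AutoRun\command- RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{647f1e61-416f-11dc-915b-0011119f8d04}]
Auto\command- sal.xls.exe
AutoRun\command- E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cca81ae-3c50-11dc-9151-0011119f8d04}]
AutoRun\command- .\Recycled\Desktop.exe
Open\Command- .\Recycled\Desktop.exe
"""

KEY_RE = re.compile(r"^\[HKEY_[^\]]*\\mountpoints2\\(?P<sub>[^\\\]]+)\]$", re.I)
CMD_RE = re.compile(r"^(?P<verb>[^\\]+)\\command-\s*(?P<cmd>.+)$", re.I)
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$)", re.I)
RUNDLL_RE = re.compile(r"ShellExec_RunDLL\s+(.+)$", re.I)
# Assumption: document-style extensions that make "name.xls.exe" look like a data file.
DECOY_EXTS = {"xls", "doc", "pdf", "txt", "jpg"}


def parse_mountpoints(log_text):
    """Return {subkey: [(verb, command line), ...]} for every mountpoints2 key."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group("sub")
            entries[current] = []
        elif line.startswith("["):
            current = None  # some other registry key; ignore its values
        elif current is not None:
            cmd = CMD_RE.match(line)
            if cmd:
                entries[current].append((cmd.group("verb"), cmd.group("cmd").strip()))
    return entries


def reasons_for(cmd):
    """Heuristic reasons (assumptions, see lead-in) why one shell command looks unsafe."""
    found = set()
    wrapped = RUNDLL_RE.search(cmd)
    if wrapped:  # the real target is handed to ShellExec_RunDLL
        found.add("shellexec-rundll")
        cmd = wrapped.group(1)
    exe = EXE_RE.match(cmd)
    path = exe.group(1) if exe else cmd.split()[0]
    if not re.match(r"^[A-Za-z]:\\", path):
        found.add("relative-target")  # no drive letter in the target path
    parts = [p.lower() for p in re.split(r"[\\/]", path) if p not in ("", ".")]
    if "recycled" in parts[:-1]:
        found.add("recycled-folder")
    name = parts[-1].split(".")
    if len(name) >= 3 and name[-2] in DECOY_EXTS:
        found.add("double-extension")
    return found


def triage(log_text):
    """Map each mountpoints2 subkey to the sorted reasons found across its commands."""
    result = {}
    for sub, commands in parse_mountpoints(log_text).items():
        reasons = set()
        for _verb, cmd in commands:
            reasons |= reasons_for(cmd)
        result[sub] = sorted(reasons)
    return result


if __name__ == "__main__":
    for sub, reasons in triage(SAMPLE_LOG).items():
        print(f"{'REVIEW' if reasons else 'ok':6} {sub}  {', '.join(reasons)}")
```
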

Unread postby sundara » August 6th, 2007, 2:50 am

Hi,

Following is ComboFix's log

ComboFix 07-08-04.3 - "Administrator" 2007-08-06 12:01:30.1 [GMT 5.5:30] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
Command switches used :: E:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Autorun.inf . . . . failed to delete
D:\Autorun.inf . . . . failed to delete
E:\Autorun.inf
E:\Temp\ClnExtor
E:\Temp\ClnExtor\PCCNT\Disk1\_ISDEL.EXE


((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))


2007-08-01 18:19 <DIR> d-------- E:\!KillBox
2007-07-30 19:36 <DIR> d-------- E:\DOCUME~1\ADMINI~1\APPLIC~1\.purple
2007-07-30 19:32 <DIR> d-------- E:\Program Files\Aspell
2007-07-30 19:30 <DIR> d-------- E:\Program Files\Pidgin
2007-07-24 20:13 26,112 --a------ E:\WINDOWS\system32\nircmd.exe
2007-07-23 16:34 20,992 --a--c--- E:\WINDOWS\system32\dllcache\rtl8139.sys
2007-07-23 16:34 20,992 --a------ E:\WINDOWS\system32\drivers\RTL8139.sys
2007-07-23 15:59 <DIR> d-------- E:\Macromedia Flash MX 6
2007-07-23 14:25 51,200 --a------ E:\WINDOWS\nircmd.exe
2007-07-21 18:17 <DIR> d-------- E:\Program Files\Common Files\Crystal Decisions
2007-07-21 15:40 <DIR> d-------- E:\Program Files\LGGSM
2007-07-21 10:04 <DIR> d-------- E:\bfu
2007-07-19 10:20 <DIR> d-------- E:\DOCUME~1\ADMINI~1\APPLIC~1\HP
2007-07-18 12:27 <DIR> d-------- E:\VundoFix Backups
2007-07-17 16:56 380,416 --a--c--- E:\WINDOWS\system32\dllcache\rstrui.exe
2007-07-17 16:56 158,208 --a--c--- E:\WINDOWS\system32\dllcache\msconfig.exe
2007-07-16 14:37 <DIR> d-------- E:\WINDOWS\ERUNT
2007-07-14 18:49 <DIR> d-------- E:\Program Files\SUPERAntiSpyware
2007-07-14 18:49 <DIR> d-------- E:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-14 18:49 <DIR> d-------- E:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-14 11:00 <DIR> d-------- E:\Program Files\Trend Micro
2007-07-13 20:41 <DIR> d-------- E:\DOCUME~1\ADMINI~1\.housecall6.6
2007-07-13 18:19 <DIR> d-------- E:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-06 11:50 --------- d-------- E:\DOCUME~1\ADMINI~1\APPLIC~1\.purple
2007-08-02 09:54 --------- d-------- E:\Program Files\Mozilla Thunderbird
2007-07-31 08:21 --------- d-------- E:\DOCUME~1\ADMINI~1\APPLIC~1\gtk-2.0
2007-07-30 19:36 --------- d-------- E:\DOCUME~1\ADMINI~1\APPLIC~1\.gaim
2007-07-21 15:40 --------- d--h----- E:\Program Files\InstallShield Installation Information
2007-07-18 15:20 --------- d-------- E:\Program Files\FlashGet
2007-07-09 17:52 --------- d-------- E:\Program Files\Google
2007-07-04 10:43 --------- d-------- E:\DOCUME~1\ADMINI~1\APPLIC~1\U3
2007-06-26 13:57 363520 --a--c--- E:\WINDOWS\system32\dllcache\w3svc.dll
2007-06-23 18:27 --------- d-------- E:\Program Files\UltraVNC
2007-06-22 19:22 --------- d-------- E:\Program Files\Kundli
2007-06-16 19:38 --------- d-------- E:\Program Files\7-Zip
2007-06-12 19:45 335 --a------ E:\WINDOWS\nsreg.dat
2007-06-12 19:45 14150 --a------ E:\WINDOWS\mozver.dat
2007-06-12 19:45 118784 --a------ E:\WINDOWS\SeaMonkeyUninstall.exe
2007-06-12 19:45 118784 --a------ E:\WINDOWS\GREUninstall.exe
2007-06-12 19:44 --------- d-------- E:\Program Files\mozilla.org
2007-05-16 20:42 86528 --a--c--- E:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 20:42 85504 --a--c--- E:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 20:42 683520 --a--c--- E:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 20:42 683520 --a------ E:\WINDOWS\system32\inetcomm.dll
2007-05-16 20:42 510976 --a--c--- E:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 20:42 1314816 --a--c--- E:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-04-25 06:23 E:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-21 17:45]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"AVG7_CC"="E:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-03 13:01]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:37]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

R0 IdeBusDr;IdeBusDr;E:\WINDOWS\system32\DRIVERS\IdeBusDr.sys
R0 IdeChnDr;Intel(R) Ultra ATA Controller;E:\WINDOWS\system32\DRIVERS\IdeChnDr.sys
R2 IISADMIN;IIS Admin;E:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 MSMQ;Message Queuing;E:\WINDOWS\system32\mqsvc.exe
R2 MSMQTriggers;Message Queuing Triggers;E:\WINDOWS\system32\mqtgsvc.exe
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);E:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 SNMP;SNMP Service;E:\WINDOWS\System32\snmp.exe
R3 E100B;Intel(R) PRO Adapter Driver;E:\WINDOWS\system32\DRIVERS\e100b325.sys
R3 MQAC;Message Queuing access control;\??\E:\WINDOWS\system32\drivers\mqac.sys
R3 RMCAST;Reliable Multicast Protocol driver;\??\E:\WINDOWS\system32\drivers\RMCast.sys
R3 ROOTMODEM;Microsoft Legacy Modem Driver;E:\WINDOWS\system32\Drivers\RootMdm.sys
R3 SMBios;Intel (R) System Management BIOS Service;E:\WINDOWS\system32\DRIVERS\SMBios.sys
S3 LMImirr;LMImirr;E:\WINDOWS\system32\DRIVERS\LMImirr.sys
S3 SNMPTRAP;SNMP Trap Service;E:\WINDOWS\System32\snmptrap.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c39d12e-2473-11dc-910a-0011119f8d04}]
AutoRun\command- G:\LaunchU3.exe -a


Contents of the 'Scheduled Tasks' folder
2007-08-01 08:00:24 E:\WINDOWS\Tasks\local pay.job - E:\WINDOWS\system32\ntbackup.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 12:08:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-06 12:10:48 - machine was rebooted
E:\ComboFix-quarantined-files.txt ... 2007-08-06 12:10
E:\ComboFix2.txt ... 2007-08-05 10:55
E:\ComboFix3.txt ... 2007-07-23 14:29

--- E O F ---

&

Following is the new HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:12 PM, on 06/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\WINDOWS\system32\inetsrv\inetinfo.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\WINDOWS\System32\snmp.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\mqsvc.exe
E:\WINDOWS\system32\mqtgsvc.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
E:\Program Files\Trend Micro\HijackThis\dumb.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.183.*;afcons.in;afcons.com;192.168.157.*;10.0.0.*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Gtk+
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.kumudam.com/wfplayer/tdserver.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = chenab
O17 - HKLM\Software\..\Telephony: DomainName = chenab
O17 - HKLM\System\CCS\Services\Tcpip\..\{021E1F74-6113-45C0-ACB9-CA4B0022C899}: NameServer = 202.56.250.5,202.56.250.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{62790E7F-B559-45A2-AB0F-F90506FD1355}: NameServer = 10.0.0.1,202.134.192.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = chenab
O17 - HKLM\System\CS1\Services\Tcpip\..\{021E1F74-6113-45C0-ACB9-CA4B0022C899}: NameServer = 202.56.250.5,202.56.250.6
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = chenab
O17 - HKLM\System\CS2\Services\Tcpip\..\{021E1F74-6113-45C0-ACB9-CA4B0022C899}: NameServer = 202.56.250.5,202.56.250.6
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5509 bytes
sundara
Active Member
 
Posts: 10
Joined: July 14th, 2007, 11:19 am
Location: Jammu

Unread postby ndmmxiaomayi » August 6th, 2007, 7:46 am

Hello sundara. :)

Step 1

Please copy and paste the following in the Code box into Notepad.

Code:
attrib -r -s -h C:\Autorun.inf
del /q C:\Autorun.inf
attrib -r -s -h D:\Autorun.inf
del /q D:\Autorun.inf


Click on File > Save As....

In the File Name box, copy and paste in fix.bat
In the Save as type box, select All Files from the drop-down list.

Click Save.

Step 2

  1. Please download AVG Anti-Spyware and save it to your desktop.
  2. Double click on avgas-setup-7.5.0.50.exe to install AVG Anti-Spyware. Install it in the default location.
  3. Once installed, start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
  4. In the main screen, you should see Your Computer's Security.
    • Next to Resident Shield, click on Change state. It should now be Inactive.
    • Next to Automatic Updates, click on Change state. It should now be Inactive.
    • Next to Last Update, click on Update now. If your firewall prompts you, tell your firewall to allow it. Should you be unable to update it, download the updates from here. Save it to your desktop. Double click to run the installation and the updates will be installed. Make sure AVG Anti-Spyware is closed during the installation.
    • Right-click the AVG Anti-Spyware icon near the clock and uncheck (untick) Start with Windows. Confirm by clicking Yes.
  5. Now click on the Scanner button at the top.
  6. Select the Settings tab.
  7. Under How to act?, click on Recommended actions and select Quarantine.
  8. Under How to scan?, check (tick) all the boxes.
  9. Under Possibly unwanted software:, check (tick) all the boxes.
  10. Under Reports:, uncheck (untick) the Only if threats were found box and select Do not automatically generate report.
  11. Under What to scan?, select Scan every file.
Do not run a scan yet. You will run a scan later.

Step 3

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All.
  • Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Step 4

  1. Start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
  2. Click on the Scanner button at the top.
  3. Select the Scan tab.
  4. Click on Complete System Scan to start the scan.
  5. When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the Save Scan Report button before you have hit the Apply all Actions button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  6. When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  7. Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Step 5

Please go to the Kaspersky website and perform an online antivirus scan.
Please use Internet Explorer as it uses ActiveX.

  1. Click on the Kaspersky Online Scanner button.
  2. Read through the requirements and privacy statement and click on the Accept button.
  3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX from Kaspersky. Click Yes.
  4. When the downloads have finished, click on the Next button.
  5. Click on the Scan Settings button.
  6. Select extended under Scan using the following antivirus database:
  7. Check (tick) these boxes under Scan options:
    • Scan Archives
    • Scan Mail Bases
  8. Click OK
  9. Click on My Computer under Please select a target to scan:
  10. Once the scan is complete it will display if your system has been infected. Click on the Save as text button and save it to your desktop.
  11. Copy and paste this log in your next reply.

Step 6

Can you please help me check if these files are still present on your system:

1. C:\Autorun.inf
2. D:\Autorun.inf

In your next reply, please post:

  1. AVG Antispyware scan report
  2. Kaspersky Antivirus scan report
  3. A new HijackThis log
  4. Whether or not the 2 files are present
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Post by sundara » August 7th, 2007, 6:48 am

Hi,


(1) AVG's Log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:03:54 PM 06/08/2007

+ Scan result:



C:\bankey backup\d drive\CORNEL\EMERGENCY\EMERGENCY-1\EMERGENCY-2\SOFTWARE\converter\HistorySwatterSetup2.0.4.18.exe -> Dropper.Small : Cleaned with backup (quarantined).
D:\vrr d\Documents and Settings\krcl02\Cookies\krcl02@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.137:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.138:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.143:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.144:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.145:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.146:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.147:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.148:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.149:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.150:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.151:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.152:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.153:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.154:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.155:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.253:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
D:\vrr d\Documents and Settings\krcl02\Cookies\krcl02@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
D:\vrr d\Documents and Settings\krcl02\Cookies\krcl02@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\vrr d\Documents and Settings\krcl02\Cookies\krcl02@rediffcom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.384:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.385:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.386:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
D:\vrr d\Documents and Settings\krcl02\Cookies\krcl02@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.451:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.452:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.579:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.580:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.581:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
D:\vrr d\Documents and Settings\krcl02\Cookies\krcl02@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.94:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.95:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.96:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.121:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
D:\vrr d\Documents and Settings\krcl02\Cookies\krcl02@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
E:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
D:\vrr d\Documents and Settings\krcl02\Cookies\krcl02@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.261:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.262:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.263:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.264:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.475:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.476:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.216:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.114:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.115:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.69:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.70:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.72:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.73:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
D:\vrr d\Documents and Settings\krcl02\Cookies\krcl02@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.287:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.325:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.418:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.49:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.78:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.195:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.196:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.197:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.309:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.310:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.311:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.313:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.314:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
D:\vrr d\Documents and Settings\krcl02\Cookies\krcl02@ehg-webchutney.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.460:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.373:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.512:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.550:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Infinite-ads : Cleaned.
:mozilla.551:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Infinite-ads : Cleaned.
:mozilla.552:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Infinite-ads : Cleaned.
:mozilla.84:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.85:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.86:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Information : Cleaned.
D:\vrr d\Documents and Settings\krcl02\Cookies\krcl02@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
E:\Documents and Settings\Administrator\Cookies\administrator@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
E:\Documents and Settings\Administrator\Cookies\administrator@search.live[1].txt -> TrackingCookie.Live : Cleaned.
:mozilla.301:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.302:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.583:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.584:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
D:\vrr d\Documents and Settings\krcl02\Cookies\krcl02@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.297:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
E:\Documents and Settings\Administrator\Cookies\administrator@auto.search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
D:\vrr d\Documents and Settings\krcl02\Cookies\krcl02@navrcholu[1].txt -> TrackingCookie.Navrcholu : Cleaned.
:mozilla.237:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.334:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.335:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.336:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.519:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
D:\vrr d\Documents and Settings\krcl02\Cookies\krcl02@overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.207:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.205:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Popularix : Cleaned.
:mozilla.522:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.523:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.83:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Revenue : Cleaned.
D:\vrr d\Documents and Settings\krcl02\Cookies\krcl02@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
E:\Documents and Settings\Administrator\Cookies\administrator@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.156:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.157:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.158:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.159:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.160:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.161:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.239:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.240:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.241:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.242:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.526:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.527:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.528:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.529:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.374:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Spylog : Cleaned.
D:\vrr d\Documents and Settings\krcl02\Cookies\krcl02@h.starware[2].txt -> TrackingCookie.Starware : Cleaned.
D:\vrr d\Documents and Settings\krcl02\Cookies\krcl02@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
:mozilla.190:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.191:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.192:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.210:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.211:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.212:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.213:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
D:\vrr d\Documents and Settings\krcl02\Cookies\krcl02@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.180:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.218:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
D:\vrr d\Documents and Settings\krcl02\Cookies\krcl02@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
E:\Documents and Settings\Administrator\Cookies\administrator@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.330:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.333:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
D:\vrr d\Documents and Settings\krcl02\Cookies\krcl02@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
D:\vrr d\Documents and Settings\krcl02\Cookies\krcl02@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.56:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.57:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.58:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.59:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.65:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.60:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.61:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.62:E:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g936s44t.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
D:\vrr d\Documents and Settings\krcl02\Cookies\krcl02@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.


::Report end

==================================================

(2) Kaspersky Log

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, August 07, 2007 3:54:32 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/08/2007
Kaspersky Anti-Virus database records: 353030
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 140958
Number of viruses found: 3
Number of infected objects: 91 / 0
Number of suspicious objects: 0
Duration of the scan process: 05:47:31

Infected Object Name / Virus Name / Last Action
C:\bankey backup\d drive\CORNEL\EMERGENCY\EMERGENCY-1\EMERGENCY-2\SOFTWARE\Softwares\TunesUpSetup.exe/file09 Infected: Backdoor.Win32.Hupigon.bfo skipped
C:\bankey backup\d drive\CORNEL\EMERGENCY\EMERGENCY-1\EMERGENCY-2\SOFTWARE\Softwares\TunesUpSetup.exe Inno: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\soft\key rockworks 2006\ag-2930c-2006-09-08.rar/crack.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped
D:\soft\key rockworks 2006\ag-2930c-2006-09-08.rar RAR: infected - 1 skipped
D:\soft\key rockworks 2006\ag-2930c-2006-09-08.rar CryptFF.b: infected - 1 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\ti4x2tpe.default\abook.mab Object is locked skipped
E:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\ti4x2tpe.default\cert8.db Object is locked skipped
E:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\ti4x2tpe.default\key3.db Object is locked skipped
E:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\ti4x2tpe.default\Mail\192.168.183.4\Inbox/[From "Nikhil N. Talati" <nikhil@afconsindia.com>][Date Wed, 23 Nov 2005 16:10:52 +0530]/text/[From "Kazim" <kazims@afconsindia.com>][Date Tue, 13 Dec 2005 14:38:29 +0530]/text/[From "Kazim" <kazims@afconsindia.com>][Date Wed, 14 Dec 2005 09:54:17 +0530]/UNNAMED/[From "afcons2612" <afcons2612@afconsindia.com>][Date Fri, 16 Dec 2005 17:49:57 +0530]/UNNAMED/[From "Nikhil N. Talati" < . ... /[From " ... /[From "afcons rkjain" <rkjain@afcons.com>][Date Fri, 29 Dec 2006 14:27:27 + ... /msg.hta Infected: Worm.Win32.Feebs.gen skipped
E:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\ti4x2tpe.default\Mail\192.168.183.4\Inbox/[From "Nikhil N. Talati" <nikhil@afconsindia.com>][Date Wed, 23 Nov 2005 16:10:52 +0530]/text/[From "Kazim" <kazims@afconsindia.com>][Date Tue, 13 Dec 2005 14:38:29 +0530]/text/[From "Kazim" <kazims@afconsindia.com>][Date Wed, 14 Dec 2005 09:54:17 +0530]/UNNAMED/[From "afcons2612" <afcons2612@afconsindia.com>][Date Fri, 16 Dec 2005 17:49:57 +0530]/UNNAMED/[From "Nikhil N. Talati" < . ... /[From " ... /[From "afcons rkjain" <rkjain@afcons.com>][Date Fri, 29 Dec 2006 14:27:27 + ... /UNNAMED Infected: Worm.Win32.Feebs.gen skipped
E:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\ti4x2tpe.default\Mail\192.168.183.4\Inbox/[From "Nikhil N. Talati" <nikhil@afconsindia.com>][Date Wed, 23 Nov 2005 16:10:52 +0530]/text/[From "Kazim" <kazims@afconsindia.com>][Date Tue, 13 Dec 2005 14:38:29 +0530]/text/[From "Kazim" <kazims@afconsindia.com>][Date Wed, 14 Dec 2005 09:54:17 +0530]/UNNAMED/[From "afcons2612" <afcons2612@afconsindia.com>][Date Fri, 16 Dec 2005 17:49:57 +0530]/UNNAMED/[From "Nikhil N. Talati" < . ... /[From " ... /[From "afcons rkjain" <rkjain@afcons.com>][Date Fri, 29 Dec 2006 14:27:27 +0530]/UNNAMED Infected: Worm.Win32.Feebs.gen skipped
E:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\ti4x2tpe.default\Mail\192.168.183.4\Inbox/[From "Nikhil N. Talati" <nikhil@afconsindia.com>][Date Wed, 23 Nov 2005 16:10:52 +0530]/text/[From "Kazim" <kazims@afconsindia.com>][Date Tue, 13 Dec 2005 14:38:29 +0530]/text/[From "Kazim" <kazims@afconsindia.com>][Date Wed, 14 Dec 2005 09:54:17 +0530]/UNNAMED/[From "afcons2612" <afcons2612@afconsindia.com>][Date Fri, 16 Dec 2005 17:49:57 +0530]/UNNAMED/[From "Nikhil N. Talati" < . ... /[From "Ram ... /[From "afcons rkjain" <rkjain@afcons.com>][Date Fri, 29 Dec 2006 14:22:13 +0530]/text Infected: Worm.Win32.Feebs.gen skipped
E:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\ti4x2tpe.default\Mail\192.168.183.4\Inbox/[From "Nikhil N. Talati" <nikhil@afconsindia.com>][Date Wed, 23 Nov 2005 16:10:52 +0530]/text/[From "Kazim" <kazims@afconsindia.com>][Date Tue, 13 Dec 2005 14:38:29 +0530]/text/[From "Kazim" <kazims@afconsindia.com>][Date Wed, 14 Dec 2005 09:54:17 +0530]/UNNAMED/[From "afcons2612" <afcons2612@afconsindia.com>][Date Fri, 16 Dec 2005 17:49:57 +0530]/UNNAMED/[From "Nikhil N. Talati" < . ... /[From "Ramesh Va ... /[From M Mishra <mmishra@afcons.com>][Date Thu, 28 Dec 2006 11:04:28 + ... /text Infected: Worm.Win32.Feebs.gen skipped
sundara
Active Member
 
Posts: 10
Joined: July 14th, 2007, 11:19 am
Location: Jammu

Post by ndmmxiaomayi » August 7th, 2007, 10:57 am

Hello sundara,

Your Kaspersky log is bad news.

A backdoor has been detected, as well as several pieces of cracked software. It's our policy not to help victims if they use cracked software.

My standard warning if a backdoor has been detected.

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steals personal information, etc.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am