Is my system infected by virus?

Yes, it's a good place for us to have people attach there because the general public cannot access them.

I was thinking of suggesting sfc scannow (System File Checker), but first let's try visiting Windows Update: get all critical updates, always reboot when prompted, then go back until no further updates are offered.

I hope updates are still available for you.
 
Hi,
I use a dial-up connection, but it takes a lot of time for me to get the updates done. Is there any way I can download the updates from some other place and run them on my system?
Thanks
Prady
 
Windows Update has the Windows Update Catalog, where updates can be downloaded, but that would probably take just as long. Perhaps you have a friend who can get them for you and burn them to a CD.
 
Thanks, I was looking for an option to download it somewhere else and burn a CD of it. I will reply back to you once I have done it.
 
Hi,
I have installed the updates..
Application popup: msdtc.exe - Application Error : The instruction at "0x69a2ecba" referenced memory at "0x6b58648c". The memory could not be "written".

Click on OK to terminate the program
Click on CANCEL to debug the program
This popup has gone now after the updates.
But the problem with Yahoo Messenger still persists. I tried to uninstall and reinstall Yahoo, but somehow that problem still persists.
Thanks
PRady
 
Post one more Hijackthis log please

If you really want to keep Yahoo's messenger, you should contact them about the problems.
 
The new Hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 3:05:12 PM, on 11/6/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINNT\system\winlogon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINNT\system32\starter.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINNT\system32\carpserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Rediff Bol\RediffMessenger.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
D:\spyware\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rediff.com/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.rediff.com/index.html
R3 - URLSearchHook: Rediff Toolbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Rediff Toolbar\redifftoolbar.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: XBTP05399 - {4A41E0D2-D514-4ca6-A494-7EB8420A865F} - C:\PROGRA~1\REDIFF~2\REDIFF~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Rediff Toolbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Rediff Toolbar\redifftoolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\system32\starter.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Bol IM] "C:\Program Files\Rediff Bol\RediffMessenger.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (file missing)
O9 - Extra button: Rediff Toolbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Rediff Toolbar\redifftoolbar.dll
O9 - Extra 'Tools' menuitem: Rediff Toolbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Rediff Toolbar\redifftoolbar.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3AB16DA-E008-4B79-831F-1DEC2D70BB5F}: NameServer = 61.1.128.65 61.1.128.5
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Windows NT Logon Application (WINLOGON) - Unknown owner - C:\WINNT\system\winlogon.exe

Thanks
Prady
 
This returned
O23 - Service: Windows NT Logon Application (WINLOGON) - Unknown owner - C:\WINNT\system\winlogon.exe

Run SDFix and Dr.Web again; here are the instructions again if needed.

Download SDFix and save it to your Desktop.
Double-click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, see if you can click the following icon next to the files found:
    check.gif
  • If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:
    move.gif

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
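
The O23 entry singled out above runs winlogon.exe from C:\WINNT\system, while the same log also shows the expected C:\WINNT\system32\winlogon.exe. As an added example (not part of the original thread and not HijackThis's own logic), the Python below parses a HijackThis log and flags processes and services that use a core Windows binary name from an unexpected directory. The allowlist, the function names and the sample excerpt (built from lines of the log posted above) are assumptions.

```python
import ntpath

# Assumption: SystemRoot of the Windows 2000 host in this thread.
SYSTEM_ROOT = r"c:\winnt"
SYSTEM32 = SYSTEM_ROOT + r"\system32"

# Assumed allowlist: core binary names and the one directory each should run from.
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe",
)}
EXPECTED_DIR["explorer.exe"] = SYSTEM_ROOT

# Excerpt assembled from the HijackThis log in the thread (not a full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system\winlogon.exe
C:\WINNT\Explorer.EXE

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Windows NT Logon Application (WINLOGON) - Unknown owner - C:\WINNT\system\winlogon.exe
"""


def wrong_location(path):
    """Return the expected directory if `path` reuses a core binary name
    from some other directory, otherwise None."""
    norm = ntpath.normcase(path.strip().strip('"'))
    expected = EXPECTED_DIR.get(ntpath.basename(norm))
    if expected and ntpath.dirname(norm) != expected:
        return expected
    return None


def parse_log(text):
    """Extract running-process paths and O23 (name, owner, path) tuples."""
    processes, services = [], []
    in_processes = False
    prefix = "O23 - Service: "
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif in_processes and not line:
            in_processes = False          # blank line ends the process list
        elif in_processes:
            processes.append(line)
        elif line.startswith(prefix):
            # Split from the right: service names may themselves contain " - ".
            parts = line[len(prefix):].rsplit(" - ", 2)
            if len(parts) == 3:
                services.append(tuple(parts))
    return processes, services


def find_masquerades(text):
    """Flag processes and services using a core binary name in the wrong place."""
    processes, services = parse_log(text)
    findings = []
    for path in processes:
        expected = wrong_location(path)
        if expected:
            findings.append({"kind": "process", "path": path,
                             "reasons": [f"expected under {expected}"]})
    for name, owner, path in services:
        expected = wrong_location(path)
        if not expected:
            continue
        reasons = [f"expected under {expected}"]
        # "Unknown owner" alone is common for legitimate services, so it is
        # only recorded as supporting evidence for an already flagged path.
        if owner.lower() == "unknown owner":
            reasons.append("unknown owner")
        findings.append({"kind": "service", "name": name,
                         "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_masquerades(SAMPLE_LOG):
        print(finding)
```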
 
SDFix Report
SDFix: Version 1.31
-------------------

Scan run on:
Tue 11/07/2006

Time:
9:38a


Microsoft Windows 2000 [Version 5.00.2195]

Running from: C:\Documents and Settings\Administrator\Desktop\SDFix

Stage One...

Checking Services...

Name:
-----

WINLOGON

Path:
----

"C:\WINNT\system\winlogon.exe"


WINLOGON Deleted...

Repairing Registry...

Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two...

Checking For Malware:
--------------------

C:\WINNT\system\winlogon.exe
C:\WINNT\system32\i

Backing Up and Removing any Files Found...

Final Check:

Services:
---------




Files:
------



Any files removed are saved to the SDFix\backups Folder

FINISHED
 
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10060)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-10-23, 12:36:46 [PRADIP][Administrator]
Command-line: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows 2000 Professional x86 (Build 2195)

Engine version: 4.33 (4.33.4.07270)
Engine API version: 2.01
Total virus records: 149475
Key file: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
--------------------------

[Scan path] c:\program files\network monitor\netmon.exe
c:\program files\network monitor\netmon.exe infected with Trojan.DnsChange - deleted

[Scan path] c:\winnt\system32\bootwiz.exe
c:\winnt\system32\bootwiz.exe infected with Win32.HLLW.MyBot - deleted

[Scan path] c:\winnt\system32\lrsys.exe
c:\winnt\system32\lrsys.exe infected with Win32.HLLW.MyBot - deleted

[Scan path] c:\winnt\system32\lsass.exe
[Scan path] c:\winnt\system32\lviss.exe
c:\winnt\system32\lviss.exe infected with BackDoor.IRC.Sdbot.694 - deleted

 
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 243
Infected objects found: 4
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 4
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 707 Kb/s
Scan time: 00:01:41
-----------------------------------------------------------------------------

[Scan path] C:\
>C:\!KillBox\yayvv.dll infected with Trojan.Virtumod - deleted
C:\Documents and Settings\Administrator\NTUSER.DAT - read error
C:\Documents and Settings\Administrator\NTUSER~1.LOG - read error
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8ugyg251.default\PARENT~1.LOC - read error
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix\Process.exe is hacktool program Tool.Prockill
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix\restart.exe is hacktool program Tool.ShutDown.11
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
>>C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\IJ2345O7\fix[1].exe is adware program Adware.Zango
>C:\Program Files\DAP\DAP.exe
C:\Program Files\DAP\History\Administrator\_LASTH~1.DAT - read error
>C:\Program Files\DAP\Privacy Package\DAPPrivacyPackage.exe
>C:\Program Files\DAP\Privacy Package\DAPShred.exe
>C:\Program Files\DAP\Privacy Package\DAPTraceCleaner.exe
>C:\Program Files\DivX\DivX Web Player\npdivx32.dll
>>C:\RECYCLER\S-1-5-21-854245398-1708537768-842925246-500\Dc1.exe is adware program Adware.Zango
C:\WINNT\system32\setup_30556.exe infected with BackDoor.IRC.Sdbot.694 - deleted
C:\WINNT\system32\setup_64057.exe infected with BackDoor.IRC.Sdbot.694 - deleted
C:\WINNT\system32\setup_71854.exe infected with Win32.HLLW.MyBot - deleted
C:\WINNT\system32\setup_77271.exe infected with Win32.HLLW.MyBot - deleted
>>C:\WINNT\system32\win32.exe infected with Trojan.Spambot - deleted
C:\WINNT\system32\config\default - read error
C:\WINNT\system32\config\default.LOG - read error
C:\WINNT\system32\config\SAM - read error
C:\WINNT\system32\config\SAM.LOG - read error
C:\WINNT\system32\config\SECURITY - read error
C:\WINNT\system32\config\SECURITY.LOG - read error
C:\WINNT\system32\config\software - read error
C:\WINNT\system32\config\software.LOG - read error
C:\WINNT\system32\config\system - read error
C:\WINNT\system32\config\SYSTEM.ALT - read error

[Scan path] D:\
>D:\spyware\hijackthis\backups\backup-20060512-175510-200.dll infected with Trojan.Virtumod - deleted
D:\spyware\hijackthis\backups\backup-20060825-014337-252.dll is adware program Adware.Softomate
D:\spyware\hijackthis\backups\backup-20060914-235513-828.dll is adware program Adware.Softomate
D:\spyware\hijackthis\backups\backup-20060915-162000-521.dll is adware program Adware.Softomate
D:\spyware\SmitfraudFix\SmitfraudFix\Process.exe is hacktool program Tool.Prockill
D:\spyware\SmitfraudFix\SmitfraudFix\restart.exe is hacktool program Tool.ShutDown.11

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 69218
Infected objects found: 7
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 5
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 4
Objects cured: 0
Objects deleted: 7
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 504 Kb/s
Scan time: 01:37:59
-----------------------------------------------------------------------------

Scanning interrupted by user! - viruses found
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix\Process.exe - incurable - moved
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix\restart.exe - incurable - moved
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\IJ2345O7\fix[1].exe - incurable - moved
C:\RECYCLER\S-1-5-21-854245398-1708537768-842925246-500\Dc1.exe - incurable - moved
D:\spyware\hijackthis\backups\backup-20060825-014337-252.dll - incurable - moved
D:\spyware\hijackthis\backups\backup-20060914-235513-828.dll - incurable - moved
D:\spyware\hijackthis\backups\backup-20060915-162000-521.dll - incurable - moved
D:\spyware\SmitfraudFix\SmitfraudFix\Process.exe - incurable - moved
D:\spyware\SmitfraudFix\SmitfraudFix\restart.exe - incurable - moved

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 9
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
=============================================================================

=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10060)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-10-23, 15:19:53 [PRADIP][Administrator]
Command-line: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows 2000 Professional x86 (Build 2195)
=============================================================================
Engine version: 4.33 (4.33.4.07270)
Engine API version: 2.01
Total virus records: 149475
Key file: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------
 
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 239
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 879 Kb/s
Scan time: 00:01:13
-----------------------------------------------------------------------------

[Scan path] C:\
C:\Documents and Settings\Administrator\NTUSER.DAT - read error
C:\Documents and Settings\Administrator\NTUSER~1.LOG - read error
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
>C:\Program Files\DAP\DAP.exe
>C:\Program Files\DAP\Privacy Package\DAPPrivacyPackage.exe
>C:\Program Files\DAP\Privacy Package\DAPShred.exe
>C:\Program Files\DAP\Privacy Package\DAPTraceCleaner.exe
>C:\Program Files\DivX\DivX Web Player\npdivx32.dll
C:\WINNT\system32\config\default - read error
C:\WINNT\system32\config\default.LOG - read error
C:\WINNT\system32\config\SAM - read error
C:\WINNT\system32\config\SAM.LOG - read error
C:\WINNT\system32\config\SECURITY - read error
C:\WINNT\system32\config\SECURITY.LOG - read error
C:\WINNT\system32\config\software - read error
C:\WINNT\system32\config\software.LOG - read error
C:\WINNT\system32\config\system - read error
C:\WINNT\system32\config\SYSTEM.ALT - read error

[Scan path] D:\
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 69498
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 439 Kb/s
Scan time: 01:52:29
-----------------------------------------------------------------------------
 
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10060)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-11-07, 10:17:23 [PRADIP][Administrator]
Command-line: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows 2000 Professional x86 (Build 2195), Service Pack 4
=============================================================================
Engine version: 4.33 (4.33.5.10110)
Engine API version: 2.01
Total virus records: 151997
Key file: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
 
-----------------------------------------------------------------------------

[Scan path] c:\program files\rediff toolbar\redifftoolbar.dll
c:\program files\rediff toolbar\redifftoolbar.dll is adware program Adware.Softomate

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 257
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 1
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1523 Kb/s
Scan time: 00:00:51
 
-----------------------------------------------------------------------------

[Scan path] C:\
C:\!KillBox\x.exe infected with BackDoor.IRC.Sdbot - deleted
C:\Documents and Settings\Administrator\NTUSER.DAT - read error
C:\Documents and Settings\Administrator\NTUSER~1.LOG - read error
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
>C:\Program Files\DAP\DAP.exe
C:\Program Files\DAP\History\Administrator\_LASTH~1.DAT - read error
>C:\Program Files\DAP\Privacy Package\DAPPrivacyPackage.exe
>C:\Program Files\DAP\Privacy Package\DAPShred.exe
>C:\Program Files\DAP\Privacy Package\DAPTraceCleaner.exe
>C:\Program Files\DivX\DivX Web Player\npdivx32.dll
C:\Program Files\Rediff Toolbar\redifftoolbar.dll is adware program Adware.Softomate
C:\WINNT\system32\config\default - read error
C:\WINNT\system32\config\default.LOG - read error
C:\WINNT\system32\config\SAM - read error
C:\WINNT\system32\config\SAM.LOG - read error
C:\WINNT\system32\config\SECURITY - read error
C:\WINNT\system32\config\SECURITY.LOG - read error
C:\WINNT\system32\config\software - read error
C:\WINNT\system32\config\software.LOG - read error
C:\WINNT\system32\config\system - read error
C:\WINNT\system32\config\SYSTEM.ALT - read error

[Scan path] D:\
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 99305
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 1
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 1
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 81 Kb/s
Scan time: 02:27:54
-----------------------------------------------------------------------------

c:\program files\rediff toolbar\redifftoolbar.dll - moved
C:\Program Files\Rediff Toolbar\redifftoolbar.dll
C:\Program Files\Rediff Toolbar\redifftoolbar.dll
C:\Program Files\Rediff Toolbar\redifftoolbar.dll

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 99562
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 2
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 1
Objects renamed: 0
Objects moved: 1
Objects ignored: 0
Scan speed: 89 Kb/s
Scan time: 02:28:45
=============================================================================
 
Looks like you might have to reinstall that redifftoolbar program, although I wouldn't since Dr.Web says it is adware.

After about a full day of using your PC, post back with another HijackThis log and a startup list.

Post a startup list from HijackThis:
Start HijackThis, click Config > Misc Tools,
place a check in [X] List also minor sections
and [X] List empty sections, then click Generate StartupList log.

It's quite large; you will probably need to post the HijackThis log in one reply and the startup list in another.
 
The New HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 8:31:30 AM, on 11/8/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINNT\system32\starter.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINNT\system32\carpserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Rediff Bol\RediffMessenger.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINNT\system32\notepad.exe
D:\spyware\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rediff.com/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.rediff.com/index.html
R3 - Default URLSearchHook is missing
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\system32\starter.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Bol IM] "C:\Program Files\Rediff Bol\RediffMessenger.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (file missing)
O9 - Extra button: Rediff Toolbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - (no file)
O9 - Extra 'Tools' menuitem: Rediff Toolbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
 