
Hi friends,
I got a broadband connection recently in my home. Everything was fine, but recently I am getting this error: "Generic Host Process error for Win 32". Whenever I get this, the net is disconnected suddenly (it says operation timed out for any address I type). This is my HijackThis log.
Please help me to correct my PC.
Thanks a million... :)

Logfile of HijackThis v1.99.1
Scan saved at 9:20:09 PM, on 2/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Analog Devices\SoundMAX\SMTray.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\mozilla.org\Mozilla\mozilla.exe
D:\Program Files\Google\Google Talk\googletalk.exe
D:\Program Files\WordWeb\wweb32.exe
D:\Documents and Settings\Narendra\My Documents\New Folder\New Folder\WindowsXP-KB894391-x86-ENU.exe
c:\03f0c2d10d127f27bc5021b1\update\update.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\Narendra\LOCALS~1\Temp\Rar$EX00.172\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Smapp] D:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{148FA836-BB8F-4673-8820-666E92AF6966}: NameServer = 218.248.240.23 218.248.240.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAE45DCE-03AF-4BE4-9E27-E86363FB27AC}: NameServer = 192.168.1.1
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

0

Thanks for the reply TT4Titans,
I fixed the above error, but the link below is not working... that link is not available... what to do further?

0

And one more problem: whenever I restart my computer, that entry is once again seen in the HijackThis log ???? :(

0

Copy and paste the link into your browser.

The first part of the IP is this.

218.248.240.23
address: Internet Cell
address: Bharat Sanchar Nigam Limited
address: 8th Floor,148-B Statesman House
address: Barakhamba Road, New Delhi - 110 001
address: Lobby 1 , 4th Floor
address: Mahanagar Doorsanchar Sadan
address: 9 CGO Complex , Lodhi Road , New Delhi

218.248.240.135
address: Internet Cell
address: Bharat Sanchar Nigam Limited
address: 8th Floor,148-B Statesman House
address: Barakhamba Road, New Delhi - 110 001
address: Lobby 1 , 4th Floor
address: Mahanagar Doorsanchar Sadan
address: 9 CGO Complex , Lodhi Road , New Delhi

If you have high speed with a wireless router, you need to secure it.

0

Sorry TT4Titans,
I didn't get you... I have a high-speed BSNL broadband connection at home, but it is not a wireless modem, that is sure. So, what to do for this problem? It is too irritating... I am getting this error again and again, after which I need to restart my computer. I have also installed one of the hotfixes from Microsoft, from here: http://support.microsoft.com/kb/894391. In spite of that I am getting this error... please help me...
Thanks.....

0

Go to your network connection in Control Panel, right-click it and click Properties. Then click TCP/IP to highlight it and click Properties. In the General tab, make sure it is set to obtain automatically.

0

I did what you told me, but still my problem remains... what to do now ????
This is my new HijackThis log... I have disabled the unwanted things at startup.
Is there any problem with this ???

Logfile of HijackThis v1.99.1
Scan saved at 8:36:20 PM, on 2/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Analog Devices\SoundMAX\SMTray.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\mozilla.org\Mozilla\mozilla.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\Narendra\LOCALS~1\Temp\Rar$EX00.469\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Smapp] D:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{148FA836-BB8F-4673-8820-666E92AF6966}: NameServer = 218.248.240.23 218.248.240.135
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Please help me solve this problem...
Thanks....

0

Please download and install AVG antispyware tool

  • Close all other applications. Select language, click OK.
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait and AVG antispyware will open to the main screen automatically.
  • Wait again a few minutes and AVG antispyware should auto-update itself. If it doesn't, click Update at the top of the screen.
  • It is very important to get the updates.
  • When updating has finished. Close AVG antispyware.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

Next, please reboot your computer in Safe Mode by doing the following:

  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear; use the up arrow to highlight.
  • Select the first option, to run Windows in Safe Mode, and hit Enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while AVG antispyware performs its scan!

  • Run AVG antispyware.
  • Click on Scanner at the top of the AVG antispyware screen.
  • Click on Settings.
  • Under How to Act click on Recommended Action and choose Quarantine.
  • Under How to scan all boxes should be selected.
  • Under Possibly unwanted software all boxes should be selected.
  • On right side under Reports: click on Automatically generate report after every scan.
  • Under What to scan select scan every file.
  • Click On scan Tab.
  • Click on Complete system scan.
  • Let the program scan the machine. It can take a while; give it time.
  • When scan has finished at bottom of screen click Apply all Actions.
  • Click Save report
  • Click Save Report as (the Windows "Save as" screen should pop up).
  • Click desktop.
  • Click Save.
  • Exit AVG antispyware.

Reboot back to normal mode.


Post the log here.

0

Thanks for the reply crunchie... sorry, I couldn't come online. I have performed all the steps you told me above. Here is my AVG Anti-Spyware scan report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:27:40 AM 3/21/2007

+ Scan result:

D:\New Folder\Narendra\New Folder (3)\New Folder\Copy of hav fun with C.exe/hauntpc.exe -> Not-A-Virus.BadJoke.Win32.Hauntpc : Cleaned.
D:\New Folder\Narendra\New Folder (3)\New Folder\hav fun with C.exe/hauntpc.exe -> Not-A-Virus.BadJoke.Win32.Hauntpc : Cleaned.
:mozilla.50:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.84:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.85:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.66:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.58:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.67:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.74:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.75:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.60:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.21:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.22:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.52:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.59:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.86:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.87:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.51:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.68:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.69:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.56:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.57:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

0

Ya... :( I still have that problem. For the past 2 days I am getting that error once again :( !!! What to do now ???
Thanks....

0

Thank god... got it downloaded somehow.
This is the log of combofix.exe:

"Narendra" - 07-04-02 22:59:15 Service Pack 2
ComboFix 07-03-27.4.2 - Running from: "D:\Program Files\Common Files\mozilla.org\GRE\1.7.13_2006041421"


((((((((((((((((((((((((((((((( Files Created from 2007-03-02 to 2007-04-02 ))))))))))))))))))))))))))))))))))


2007-03-28 00:11 <DIR> d-------- D:\Program Files\MegauploadToolbar
2007-03-28 00:11 <DIR> d-------- D:\DOCUME~1\Narendra\APPLIC~1\MegauploadToolbar
2007-03-26 22:55 <DIR> d-------- D:\WINDOWS\system32\LogFiles
2007-03-23 20:38 <DIR> d--hs---- D:\FOUND.006
2007-03-23 20:28 <DIR> d--hs---- D:\FOUND.005
2007-03-23 16:32 <DIR> d--hs---- D:\FOUND.004
2007-03-22 19:19 <DIR> d--hs---- D:\FOUND.003
2007-03-20 23:27 3,968 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-11 20:26 <DIR> d-------- D:\DOCUME~1\Narendra\APPLIC~1\Nokia Multimedia Player
2007-03-11 20:22 <DIR> d-------- D:\DOCUME~1\Narendra\APPLIC~1\Nokia
2007-03-11 20:20 8,704 --a------ D:\WINDOWS\system32\drivers\nmwcdc.sys
2007-03-11 20:20 50,688 --a------ D:\WINDOWS\system32\nmwcdcls.dll
2007-03-11 20:20 4,608 --a------ D:\WINDOWS\system32\nmwcdlog.dll
2007-03-11 20:20 30,720 --a------ D:\WINDOWS\system32\nmwcdcocls.dll
2007-03-11 20:20 13,312 --a------ D:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-03-11 20:20 127,488 --a------ D:\WINDOWS\system32\drivers\nmwcd.sys
2007-03-11 20:20 <DIR> d-------- D:\WINDOWS\system32\DRVSTORE
2007-03-11 20:20 <DIR> d-------- D:\Program Files\Nokia
2007-03-11 20:20 <DIR> d-------- D:\Program Files\DIFX
2007-03-11 20:20 <DIR> d-------- D:\Program Files\Common Files\PCSuite
2007-03-11 20:20 <DIR> d-------- D:\Program Files\Common Files\Nokia
2007-03-11 20:20 <DIR> d-------- D:\DOCUME~1\Narendra\APPLIC~1\PC Suite
2007-03-11 20:20 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-03-11 20:19 <DIR> d--hs---- D:\WINDOWS\ftpcache
2007-03-03 10:47 <DIR> d--hs---- D:\FOUND.002


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-21 22:29 -------- d-------- D:\Program Files\trojan remover
2007-02-21 22:29 -------- d-------- D:\DOCUME~1\Narendra\APPLIC~1\simply super software
2007-02-21 21:33 -------- d-------- D:\Program Files\regcure
2007-02-20 22:49 -------- d-------- D:\Program Files\regcleaner
2007-02-20 22:37 5 --ahs---- D:\WINDOWS\system32\cafcc5_g.dll
2007-02-20 22:37 -------- d-------- D:\Program Files\regsupreme
2007-02-19 21:47 -------- d-------- D:\Program Files\clean disk security
2007-02-19 21:47 -------- d-------- D:\Program Files\ccleaner
2007-02-19 19:59 99024 --a------ D:\WINDOWS\mozillauninstall.exe
2007-02-19 19:59 98512 --a------ D:\WINDOWS\greuninstall.exe
2007-02-19 19:59 8326 --a------ D:\WINDOWS\mozver.dat
2007-02-01 21:52 335 --a------ D:\WINDOWS\nsreg.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"D:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"PcSync"="D:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"VTTimer"="VTTimer.exe"
"Smapp"="D:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"PinnacleDriverCheck"="D:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"TkBellExe"="\"D:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"PCSuiteTrayApplication"="D:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"!AVG Anti-Spyware"="\"D:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Narendra^Start Menu^Programs^Startup^VCD AudoPlay Monitor.lnk]
"path"="D:\\Documents and Settings\\Narendra\\Start Menu\\Programs\\Startup\\VCD AudoPlay Monitor.lnk"
"backup"="D:\\WINDOWS\\pss\\VCD AudoPlay Monitor.lnkStartup"
"location"="Startup"
"command"="C:\\SthVCD\\VCDMOTOR.EXE "
"item"="VCD AudoPlay Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Narendra^Start Menu^Programs^Startup^WordWeb.lnk]
"path"="D:\\Documents and Settings\\Narendra\\Start Menu\\Programs\\Startup\\WordWeb.lnk"
"backup"="D:\\WINDOWS\\pss\\WordWeb.lnkStartup"
"location"="Startup"
"command"="D:\\PROGRA~1\\WordWeb\\wweb32.exe "
"item"="WordWeb"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AsusProb"
"hkey"="HKLM"
"command"="C:\\Program Files\\ASUS\\Probe\\AsusProb.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgnt"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="googletalk"
"hkey"="HKLM"
"command"="D:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Mozilla"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\mozilla.org\\Mozilla\\Mozilla.exe\" -turbo"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Remoterm"
"hkey"="HKLM"
"command"="D:\\Program Files\\Pinnacle\\Shared Files\\Programs\\Remote\\Remoterm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PMC"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe\" -host -clearDebug"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Trjscan"
"hkey"="HKLM"
"command"="D:\\Program Files\\Trojan Remover\\Trjscan.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YAHOOM~1"
"hkey"="HKCU"
"command"="\"D:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c26d40a-8923-11db-9f55-000c6eba71ae}]
Shell\AutoRun\command .\Recycled\Driveinfo.exe
Shell\Open\Command .\Recycled\Driveinfo.exe


Contents of the 'Scheduled Tasks' folder
D:\WINDOWS\tasks\RegCure.job
D:\WINDOWS\tasks\RegCure Program Check.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-02 23:01:40

0

Looks ok to me.
Download CCleaner and install, then run it.

  1. Uncheck "Cookies" under "Internet Explorer".
  2. Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
  3. Close when finished.

==

Get your WinXP CD handy, then go to Start>Run and type "sfc /scannow" without the quotes (you don't get any report from the System File Checker, it just silently replaces any corrupt or missing system files that it finds).

==

Please go to http://www.kaspersky.com/virusscanner and do a full scan. Copy the report back here.

0

Hi, this is the report from Kaspersky...

Thursday, April 05, 2007 11:24:26 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update:  5/04/2007
Kaspersky Anti-Virus database records: 275425


Scan Settings
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target: Critical Areas
D:\WINDOWS
D:\DOCUME~1\Narendra\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects: 10261
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:13:04

Infected Object Name            Virus Name          Last Action
D:\WINDOWS\system32\config\system.LOG                       Object is locked                        skipped
D:\WINDOWS\system32\config\software.LOG                     Object is locked                        skipped
D:\WINDOWS\system32\config\default.LOG                      Object is locked                        skipped
D:\WINDOWS\system32\config\SECURITY                     Object is locked                        skipped
D:\WINDOWS\system32\config\SAM                      Object is locked                        skipped
D:\WINDOWS\system32\config\SAM.LOG                      Object is locked                        skipped
D:\WINDOWS\system32\config\SECURITY.LOG                     Object is locked                        skipped
D:\WINDOWS\system32\config\AppEvent.Evt                     Object is locked                        skipped
D:\WINDOWS\system32\config\SecEvent.Evt                     Object is locked                        skipped
D:\WINDOWS\system32\config\SysEvent.Evt                     Object is locked                        skipped
D:\WINDOWS\system32\config\SYSTEM                       Object is locked                        skipped
D:\WINDOWS\system32\config\SOFTWARE                     Object is locked                        skipped
D:\WINDOWS\system32\config\DEFAULT                      Object is locked                        skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP                     Object is locked                        skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP                     Object is locked                        skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER                      Object is locked                        skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP                        Object is locked                        skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP                      Object is locked                        skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA                     Object is locked                        skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR                        Object is locked                        skipped
D:\WINDOWS\system32\CatRoot2\edb.log                        Object is locked                        skipped
D:\WINDOWS\system32\CatRoot2\tmp.edb                        Object is locked                        skipped
D:\WINDOWS\system32\h323log.txt                     Object is locked                        skipped
D:\WINDOWS\Debug\PASSWD.LOG                     Object is locked                        skipped
D:\WINDOWS\Sti_Trace.log                        Object is locked                        skipped
D:\WINDOWS\wiaservc.log                     Object is locked                        skipped
D:\WINDOWS\wiadebug.log                     Object is locked                        skipped
D:\WINDOWS\WindowsUpdate.log                        Object is locked                        skipped
D:\WINDOWS\SchedLgU.Txt                     Object is locked                        skipped
D:\WINDOWS\SoftwareDistribution\ReportingEvents.log                     Object is locked                        skipped
D:\WINDOWS\SoftwareDistribution\EventCache\{2FDEC631-82DE-4476-859E-FD95F576D58C}.bin                       Object is locked                        skipped
D:\DOCUME~1\Narendra\LOCALS~1\Temp\Perflib_Perfdata_a74.dat                     Object is locked                        skipped
D:\DOCUME~1\Narendra\LOCALS~1\Temp\~DF20CD.tmp                      Object is locked                        skipped
D:\DOCUME~1\Narendra\LOCALS~1\Temp\Perflib_Perfdata_878.dat                     Object is locked                        skipped
D:\DOCUME~1\Narendra\LOCALS~1\Temp\fla340.tmp                       Object is locked                        skipped

Scan process completed.

and this is the report of AVG (did scan once again)



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------


+ Created at:    11:00:12 PM 4/6/2007


+ Scan result:


:mozilla.95:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.97:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.67:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.68:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.70:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Adbrite : No action taken.
D:\Documents and Settings\Narendra\Cookies\narendra@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.92:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.93:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.94:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.39:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.98:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Fastclick : No action taken.
D:\Documents and Settings\Narendra\Cookies\narendra@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
D:\Documents and Settings\Narendra\Cookies\narendra@media.fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.100:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.55:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.56:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.57:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.20:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.21:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.47:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Netflame : No action taken.
D:\Documents and Settings\Narendra\Cookies\narendra@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : No action taken.
:mozilla.118:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.61:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Paypal : No action taken.
:mozilla.60:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.106:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.107:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.108:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.109:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.110:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.111:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.54:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.64:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.65:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.66:D:\Documents and Settings\Narendra\Application Data\Mozilla\Profiles\default\5l92u7b7.slt\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.



::Report end

Edited by pritaeas: Fixed formatting

0

Ya... I have tried everything you have told me till now. What to do further? Any other way other than formatting ???
Does reinstalling XP really fix the problem ????

0

You can try a repair install of XP. No files will be lost, but you will need to replace any service packs/updates when done.
