# web pages not opening--help



## prathap_lab (Apr 1, 2005)

Hi,
    I have an HP Pavilion PC and a Data One connection. Everything was working properly, but nowadays many websites are not opening. It is not giving any error. Websites like yahoomail.com, hotmail.com, microsoft.com and some from Google search are not opening, but many other sites are opening properly and I am able to browse without any problem.

please help......

thank you.


----------



## swatkat (Apr 1, 2005)

Do they open in browsers like Firefox or Opera?
Also, search your Hard Disk for a file called _HOSTS_.

Also, post the HijackThis log file.
*www.majorgeeks.com/download3155.html


----------



## prathap_lab (Apr 1, 2005)

Hi,
     I use only IE. I have never used Firefox or Opera.

     Do I have to run HijackThis in safe mode or normal mode?


----------



## digen (Apr 1, 2005)

It would be better if you could scan with HijackThis under safe mode & post the log here. I'm sure swat will sort it all out.

EDIT: My mistake, scan under normal mode, as rightly pointed out to me by swat, since all the processes won't get loaded under safe mode.


----------



## prathap_lab (Apr 2, 2005)

Hi,
    Sorry, I forgot to mention the HOSTS file.

I found this in search.
The HOSTS file is present in:
C:\i386 ---- type of file = file
C:\windows\i386 ---- type of file = file
C:\program Files\spybot-serach & destroy\includes ---- type of file = spyware supplemental file
C:\windows\system32\drivers\etc (2 files) ---- type of file = file & icalendar file
n:\sql server 7\nt4serve\i386 ---- type of file = file
n:\from pari\sql server 7.0\nt4serve\i386 ---- type of file = file

thank you.


----------



## swatkat (Apr 2, 2005)

Wait...scan using HijackThis in NORMAL MODE.


----------



## swatkat (Apr 2, 2005)

Also, open the HOSTS file present in _C:\windows\system32\drivers\etc_ using NotePad, and post the contents.


----------



## prathap_lab (Apr 2, 2005)

Hi,
    Sorry for the late reply. I had gone to college. Here is the HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 3:03:39 PM, on 4/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hjthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = *www.sify.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center\DMDownload.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - *v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105036587093
O16 - DPF: {A2ECDF87-BFE5-4EBA-852A-45E4F881377F} (icePlayer Class) - *www.flashants.com/codebase/iceplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38DFAE0A-7392-42EA-A124-75EB30AEB6B3}: NameServer = 61.1.96.69 61.1.96.71
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



These are the contents of the HOSTS file (file type = file):

```
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
```


These are the contents of the HOSTS file (file type = icalendar):

```
## Copyright (c) 1993-2001 Microsoft Corp.
#
# This file has been automatically generated for use by Microsoft Internet
# Connection Sharing. It contains the mappings of IP addresses to host names
# for the home network. Please do not make changes to the HOSTS.ICS file.
# Any changes may result in a loss of connectivity between machines on the
# local network.
#

#192.168.0.77 pruthvi.mshome.net # 2005 2 4 3 18 2 36 750
#192.168.0.1 ZEUS.mshome.net # 2010 1 4 28 3 19 31 343
```

thank you.
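
Added example, not part of the original posts: a small Python audit of hosts-file text, showing why the HOSTS file was requested when only some sites fail to load. `POSTED_HOSTS` is abridged from the file posted above, `TAMPERED_HOSTS` is a constructed sample, and the function names and the `WATCH` list (the sites named in the first post) are assumptions of this example.

```python
import ipaddress

# Abridged from the HOSTS file posted in this thread (header comments shortened).
POSTED_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
#      102.54.94.97     rhino.acme.com          # source server

127.0.0.1       localhost
"""

# Constructed sample (NOT from the thread): entries that would stop the
# named sites from opening while every other site keeps working.
TAMPERED_HOSTS = """\
127.0.0.1       localhost
127.0.0.1       www.microsoft.com microsoft.com   # sinkholed
0.0.0.0         hotmail.com
203.0.113.10    yahoomail.com
not-an-ip       example.test
"""

# Sites the original poster reported as not opening.
WATCH = ("yahoomail.com", "hotmail.com", "microsoft.com")

# Names that are expected to point at a loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, ip_text, [hostnames]) for each active (uncommented) line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing or whole-line comments
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], [h.lower().rstrip(".") for h in fields[1:]]


def is_watched(name, watch):
    """True if name equals a watched domain or is a subdomain of one."""
    return any(name == w or name.endswith("." + w) for w in watch)


def audit_hosts(text, watch=()):
    """Return findings as (line_no, kind, ip_text, name, watched) tuples.

    kind is 'blocked'    (name forced to loopback or 0.0.0.0),
            'redirected' (name forced to some other address),
            'malformed'  (first field is not an IP, or no hostname follows).
    """
    watch = tuple(w.lower() for w in watch)
    findings = []
    for line_no, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, "malformed", ip_text, " ".join(names), False))
            continue
        if not names:
            findings.append((line_no, "malformed", ip_text, "", False))
            continue
        for name in names:
            if name in LOCAL_NAMES and ip.is_loopback:
                continue                      # the normal localhost mapping
            kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
            findings.append((line_no, kind, ip_text, name, is_watched(name, watch)))
    return findings


if __name__ == "__main__":
    for label, text in (("posted", POSTED_HOSTS), ("tampered", TAMPERED_HOSTS)):
        results = audit_hosts(text, WATCH)
        print(f"{label}: {len(results)} finding(s)")
        for line_no, kind, ip_text, name, watched in results:
            flag = " [reported site]" if watched else ""
            print(f"  line {line_no}: {kind:<10} {name} -> {ip_text}{flag}")
```

The posted file produces no findings, so the hosts file is ruled out as the cause here and attention moves to the HijackThis log.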


----------



## swatkat (Apr 2, 2005)

prathap_lab said:

> hi,
> sorry for late reply. i had gone to college. here is the hijackThis log
> 
> 
> ...



Reboot in SAFE Mode, and close ALL Applications, and run only HijackThis.
Here, click the "Do only a System scan" button, then select the red entry above and click "Fix".

Then delete these files, if they are found:-
1] powerreg scheduler v3.exe
2] webshots.lnk
3] powerreg
4] powerreg*scheduler v3.exe
5] powerreg scheduler.exe
6] Any folders having name like _"powerreg"_.
Find the files using Windows Search Feature.


And also folders with names like _"PowerReg"_.

Then, run McAfee Stinger and perform a FULL System scan.
*vil.nai.com/vil/stinger/

After this, run CCleaner and then CleanUp!, reboot the system to normal mode, and then check the problem.
*www.ccleaner.com/
*cleanup.stevengould.org/

Then run AdAware and perform a full system scan.
*www.lavasoftusa.com/software/adaware/

Post back the results


----------



## prathap_lab (Apr 2, 2005)

Hi,
    Fixed the files marked red.
    Windows search found a single file powerreg* and I deleted it.
    Stinger did not show any infection.
    AdAware found some infection and fixed it.
    Cleaned the system using CCleaner.

   AdAware log before fixing:

4-2-2005 11:09:10 PM - Scan started. (Full System Scan)

 MRU List Object Recognized!
    Location:          : S-1-5-21-2703311569-2743505272-3454667343-1003\software\microsoft\search assistant\acmru
    Description        : list of recent search terms used with the search assistant


 MRU List Object Recognized!
    Location:          : S-1-5-21-2703311569-2743505272-3454667343-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description        : list of recently saved files, stored according to file extension


 MRU List Object Recognized!
    Location:          : S-1-5-21-2703311569-2743505272-3454667343-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description        : list of recent programs opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-2703311569-2743505272-3454667343-1003\software\microsoft\windows\currentversion\explorer\recentdocs
    Description        : list of recent documents opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-2703311569-2743505272-3454667343-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
    Description        : list of recent documents opened by microsoft word


 MRU List Object Recognized!
    Location:          : S-1-5-21-2703311569-2743505272-3454667343-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
    Description        : list of recent documents saved by microsoft word


 MRU List Object Recognized!
    Location:          : S-1-5-21-2703311569-2743505272-3454667343-1003\software\microsoft\internet explorer\main
    Description        : last save directory used in microsoft internet explorer


 MRU List Object Recognized!
    Location:          : S-1-5-21-2703311569-2743505272-3454667343-1003\software\realnetworks\realplayer\6.0\preferences
    Description        : list of recent skins in realplayer


 MRU List Object Recognized!
    Location:          : S-1-5-21-2703311569-2743505272-3454667343-1003\software\microsoft\internet explorer
    Description        : last download directory used in microsoft internet explorer


 MRU List Object Recognized!
    Location:          : software\microsoft\directdraw\mostrecentapplication
    Description        : most recent application to use microsoft directdraw


 MRU List Object Recognized!
    Location:          : S-1-5-21-2703311569-2743505272-3454667343-1003\software\microsoft\mediaplayer\preferences
    Description        : last cd record path used in microsoft windows media player


 MRU List Object Recognized!
    Location:          : S-1-5-21-2703311569-2743505272-3454667343-1003\software\microsoft\internet explorer\typedurls
    Description        : list of recently entered addresses in microsoft internet explorer


 MRU List Object Recognized!
    Location:          : S-1-5-21-2703311569-2743505272-3454667343-1003\software\microsoft\directinput\mostrecentapplication
    Description        : most recent application to use microsoft directinput


 MRU List Object Recognized!
    Location:          : S-1-5-21-2703311569-2743505272-3454667343-1003\software\microsoft\mediaplayer\player\settings
    Description        : last open directory used in jasc paint shop pro


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct3d


 MRU List Object Recognized!
    Location:          : software\musicmatch
    Description        : download location of the musicmatch installer


 MRU List Object Recognized!
    Location:          : S-1-5-21-2703311569-2743505272-3454667343-1003\software\realnetworks\realplayer\6.0\preferences
    Description        : list of recent clips in realplayer


 MRU List Object Recognized!
    Location:          : S-1-5-21-2703311569-2743505272-3454667343-1003\software\microsoft\directinput\mostrecentapplication
    Description        : most recent application to use microsoft directinput


 MRU List Object Recognized!
    Location:          : S-1-5-21-2703311569-2743505272-3454667343-1003\software\realnetworks\realplayer\6.0\preferences
    Description        : last login time in realplayer


 MRU List Object Recognized!
    Location:          : software\musicmatch\musicmatch jukebox\4.0\fileconv
    Description        : file conversion location settings in musicmatch jukebox


 MRU List Object Recognized!
    Location:          : S-1-5-21-2703311569-2743505272-3454667343-1003\software\microsoft\mediaplayer\medialibraryui
    Description        : last selected node in the microsoft windows media player media library


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct X


 MRU List Object Recognized!
    Location:          : .DEFAULT\software\microsoft\windows media\wmsdk\general
    Description        : windows media sdk 


 MRU List Object Recognized!
    Location:          : S-1-5-18\software\microsoft\windows media\wmsdk\general
    Description        : windows media sdk 


 MRU List Object Recognized!
    Location:          : S-1-5-21-2703311569-2743505272-3454667343-1003\software\microsoft\windows media\wmsdk\general
    Description        : windows media sdk 


 MRU List Object Recognized!
    Location:          : C:\Documents and Settings\Owner\Application Data\microsoft\office\recent
    Description        : list of recently opened documents using microsoft office


 MRU List Object Recognized!
    Location:          : C:\Documents and Settings\Owner\recent
    Description        : list of recently opened documents


Listing running processes
Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»

#:1 [smss.exe]
    FilePath           : \SystemRoot\System32\
    ProcessID          : 544
    ThreadCreationTime : 4-2-2005 4:37:38 PM
    BasePriority       : Normal


#:2 [csrss.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 612
    ThreadCreationTime : 4-2-2005 4:37:40 PM
    BasePriority       : Normal


#:3 [winlogon.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 636
    ThreadCreationTime : 4-2-2005 4:37:40 PM
    BasePriority       : High


#:4 [services.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 680
    ThreadCreationTime : 4-2-2005 4:37:40 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : MicrosoftÂ® WindowsÂ® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Services and Controller app
    InternalName       : services.exe
    LegalCopyright     : Â© Microsoft Corporation. All rights reserved.
    OriginalFilename   : services.exe

#:5 [lsass.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 692
    ThreadCreationTime : 4-2-2005 4:37:40 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : MicrosoftÂ® WindowsÂ® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : LSA Shell (Export Version)
    InternalName       : lsass.exe
    LegalCopyright     : Â© Microsoft Corporation. All rights reserved.
    OriginalFilename   : lsass.exe

#:6 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 856
    ThreadCreationTime : 4-2-2005 4:37:41 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : MicrosoftÂ® WindowsÂ® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : Â© Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:7 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 904
    ThreadCreationTime : 4-2-2005 4:37:41 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : MicrosoftÂ® WindowsÂ® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : Â© Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:8 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 972
    ThreadCreationTime : 4-2-2005 4:37:41 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : MicrosoftÂ® WindowsÂ® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : Â© Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:9 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1040
    ThreadCreationTime : 4-2-2005 4:37:42 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : MicrosoftÂ® WindowsÂ® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : Â© Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:10 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1100
    ThreadCreationTime : 4-2-2005 4:37:42 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : MicrosoftÂ® WindowsÂ® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : Â© Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:11 [spoolsv.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1232
    ThreadCreationTime : 4-2-2005 4:37:42 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : MicrosoftÂ® WindowsÂ® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Spooler SubSystem App
    InternalName       : spoolsv.exe
    LegalCopyright     : Â© Microsoft Corporation. All rights reserved.
    OriginalFilename   : spoolsv.exe

#:12 [explorer.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 1508
    ThreadCreationTime : 4-2-2005 4:38:00 PM
    BasePriority       : Normal
    FileVersion        : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 6.00.2900.2180
    ProductName        : MicrosoftÂ® WindowsÂ® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Explorer
    InternalName       : explorer
    LegalCopyright     : Â© Microsoft Corporation. All rights reserved.
    OriginalFilename   : EXPLORER.EXE

#:13 [hpsysdrv.exe]
    FilePath           : C:\windows\system\
    ProcessID          : 1624
    ThreadCreationTime : 4-2-2005 4:38:01 PM
    BasePriority       : Normal
    FileVersion        : 1, 7, 0, 0
    ProductVersion     : 1, 7, 0, 0
    ProductName        : hpsysdrv
    CompanyName        : Hewlett-Packard Company
    FileDescription    : hpsysdrv
    InternalName       : hpsysdrv
    LegalCopyright     : Copyright Â© 1998
    OriginalFilename   : hpsysdrv.exe

#:14 [hkcmd.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1632
    ThreadCreationTime : 4-2-2005 4:38:01 PM
    BasePriority       : Normal
    FileVersion        : 3.0.0.4277
    ProductVersion     : 7.0.0.4277
    ProductName        : Intel(R) Common User Interface
    CompanyName        : Intel Corporation
    FileDescription    : hkcmd Module
    InternalName       : HKCMD
    LegalCopyright     : Copyright 1999-2004, Intel Corporation
    OriginalFilename   : HKCMD.EXE

#:15 [hpqcmon.exe]
    FilePath           : C:\Program Files\HP\Digital Imaging\Unload\
    ProcessID          : 1644
    ThreadCreationTime : 4-2-2005 4:38:01 PM
    BasePriority       : Normal
    FileVersion        : 2.0.0.133
    ProductVersion     : 2.0.0.133
    ProductName        : HpqCmon Application
    FileDescription    : HpqCmon MFC Application
    InternalName       : HpqCmon
    LegalCopyright     : Copyright (C) 2001
    OriginalFilename   : HpqCmon.EXE

#:16 [hphmon05.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1660
    ThreadCreationTime : 4-2-2005 4:38:02 PM
    BasePriority       : Normal
    FileVersion        : 5,0,84
    ProductVersion     : 5,0,84
    ProductName        : HP Photosmart
    CompanyName        : Hewlett-Packard
    FileDescription    : HPHmon05
    InternalName       : HPHmon05
    LegalCopyright     : Copyright (C) 2003
    OriginalFilename   : HPHmon05.exe

#:17 [kbd.exe]
    FilePath           : C:\HP\KBD\
    ProcessID          : 1668
    ThreadCreationTime : 4-2-2005 4:38:02 PM
    BasePriority       : High


#:18 [wincinemamgr.exe]
    FilePath           : C:\Program Files\InterVideo\Common\bin\
    ProcessID          : 1692
    ThreadCreationTime : 4-2-2005 4:38:02 PM
    BasePriority       : Normal
    FileVersion        : 1.8.0
    ProductVersion     : 1, 8, 0, 0
    ProductName        : WinCinema Manager for InterVideo WinCinema products
    CompanyName        : InterVideo Inc.
    FileDescription    : WinCinema Manager
    InternalName       : WinCinema Manager
    LegalCopyright     : Copyright 1999-2003 InterVideo, Inc. All rights reserved.
    OriginalFilename   : WinCinemaMgr.EXE

#:19 [schsvr.exe]
    FilePath           : C:\Program Files\Common Files\InterVideo\SchSvr\
    ProcessID          : 1700
    ThreadCreationTime : 4-2-2005 4:38:02 PM
    BasePriority       : Normal
    FileVersion        : 3.0.79.139
    ProductVersion     : 3.0.79.139
    ProductName        : InterVideo(R) WinDVR
    CompanyName        : InterVideo Inc.
    FileDescription    : InterVideo Schedule Server
    InternalName       : SchSvr
    LegalCopyright     : Copyright (C) 2000-2002 InterVideo Inc.
    OriginalFilename   : SchSvr.EXE

#:20 [shwicon2k.exe]
    FilePath           : C:\Program Files\Multimedia Card Reader\
    ProcessID          : 1776
    ThreadCreationTime : 4-2-2005 4:38:04 PM
    BasePriority       : Idle
    FileVersion        : 1, 0, 0, 7
    ProductVersion     : 1, 0, 0, 7
    ProductName        : Alcor Micro Sunkist
    CompanyName        : Alcor Micro, Corp.
    FileDescription    : Sunkist
    InternalName       : Sunkist
    LegalCopyright     : Copyright c 2002
    OriginalFilename   : Sunkist.exe

#:21 [mmtask.exe]
    FilePath           : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
    ProcessID          : 1784
    ThreadCreationTime : 4-2-2005 4:38:04 PM
    BasePriority       : Normal
    FileVersion        : 1.0.0.1
    ProductVersion     : 1.0.0.1
    ProductName        : TODO: <Product name>
    CompanyName        : TODO: <Company name>
    FileDescription    : TODO: <File description>
    InternalName       : mmtask.exe
    LegalCopyright     : TODO: (c) <Company name>.  All rights reserved.
    OriginalFilename   : mmtask.exe

#:22 [hpgs2wnd.exe]
    FilePath           : C:\Program Files\HP\HP Share-to-Web\
    ProcessID          : 1808
    ThreadCreationTime : 4-2-2005 4:38:04 PM
    BasePriority       : Normal
    FileVersion        : 2,3,0,0\Â 162
    ProductVersion     : 2,3,0,0\Â 162
    ProductName        : Hewlett-Packard hpgs2wnd
    CompanyName        : Hewlett-Packard
    FileDescription    : hpgs2wnd
    InternalName       : hpgs2wnd
    LegalCopyright     : Copyright Â© 2001
    OriginalFilename   : hpgs2wnd.exe

#:23 [alcxmntr.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 1816
    ThreadCreationTime : 4-2-2005 4:38:04 PM
    BasePriority       : Normal
    FileVersion        : 1.5
    ProductVersion     : 1.5
    ProductName        : Realtek Audio - Event Monitor
    CompanyName        : Realtek Semiconductor Corp.
    FileDescription    : Realtek Audio - Event Monitor
    InternalName       : Alcxmntr
    LegalCopyright     : Copyright (c) 2004 Realtek Semiconductor Corp.
    OriginalFilename   : Alcxmntr.exe

#:24 [realsched.exe]
    FilePath           : C:\Program Files\Common Files\Real\Update_OB\
    ProcessID          : 1824
    ThreadCreationTime : 4-2-2005 4:38:05 PM
    BasePriority       : Normal
    FileVersion        : 0.1.0.3208
    ProductVersion     : 0.1.0.3208
    ProductName        : RealPlayer (32-bit) 
    CompanyName        : RealNetworks, Inc.
    FileDescription    : RealNetworks Scheduler
    InternalName       : schedapp
    LegalCopyright     : Copyright Â© RealNetworks, Inc. 1995-2004
    LegalTrademarks    : RealAudio(tm) is a trademark of RealNetworks, Inc.
    OriginalFilename   : realsched.exe

#:25 [avgcc.exe]
    FilePath           : C:\PROGRA~1\Grisoft\AVG7\
    ProcessID          : 1836
    ThreadCreationTime : 4-2-2005 4:38:05 PM
    BasePriority       : Normal
    FileVersion        : 7,0,0,303
    ProductVersion     : 7.0.0.303
    ProductName        : AVG Anti-Virus System
    CompanyName        : GRISOFT, s.r.o.
    FileDescription    : AVG Control Center
    InternalName       : AvgCC
    LegalCopyright     : Copyright Â© 2004, GRISOFT, s.r.o.
    OriginalFilename   : AvgCC.EXE

#:26 [jusched.exe]
    FilePath           : C:\Program Files\Java\j2re1.4.2_07\bin\
    ProcessID          : 1864
    ThreadCreationTime : 4-2-2005 4:38:05 PM
    BasePriority       : Normal


#:27 [rundll32.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1912
    ThreadCreationTime : 4-2-2005 4:38:06 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : MicrosoftÂ® WindowsÂ® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Run a DLL as an App
    InternalName       : rundll
    LegalCopyright     : Â© Microsoft Corporation. All rights reserved.
    OriginalFilename   : RUNDLL.EXE

#:28 [hpgs2wnf.exe]
    FilePath           : C:\Program Files\HP\HP Share-to-Web\
    ProcessID          : 1920
    ThreadCreationTime : 4-2-2005 4:38:06 PM
    BasePriority       : Normal
    FileVersion        : 2, 6, 0,Â 162
    ProductVersion     : 2, 6, 0,Â 162
    ProductName        : hpgs2wnf Module
    FileDescription    : hpgs2wnf Module
    InternalName       : hpgs2wnf
    LegalCopyright     : Copyright 2001
    OriginalFilename   : hpgs2wnf.EXE

#:29 [hpwuschd2.exe]
    FilePath           : C:\Program Files\HP\HP Software Update\
    ProcessID          : 1972
    ThreadCreationTime : 4-2-2005 4:38:06 PM
    BasePriority       : Normal
    FileVersion        : 50.0.146.000
    ProductVersion     : 050.000.146.000
    ProductName        : hp digital imaging - hp all-in-one series
    CompanyName        : Hewlett-Packard Co.
    FileDescription    : Hewlett-Packard Product Assistant
    InternalName       : hpwuSchd2
    LegalCopyright     : Copyright (C) Hewlett-Packard Co. 1995-2004
    OriginalFilename   : hpwuSchd2.exe
    Comments           : Hewlett-Packard Product Assistant

#:30 [pchbutton.exe]
    FilePath           : C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\
    ProcessID          : 1980
    ThreadCreationTime : 4-2-2005 4:38:06 PM
    BasePriority       : Normal
    FileVersion        : 4.12.0.pchealthclient.pchclient.20030613_172000
    ProductVersion     : 4.12.0.pchealthclient.pchclient
    ProductName        : Motive System
    CompanyName        : Motive Communications, Inc.
    InternalName       : PCHButton
    LegalCopyright     : Copyright 1998-2003
    OriginalFilename   : PCHButton

#:31 [ctfmon.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 2032
    ThreadCreationTime : 4-2-2005 4:38:06 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : CTF Loader
    InternalName       : CTFMON
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : CTFMON.EXE

#:32 [bandwidth monitor pro.exe]
    FilePath           : C:\Program Files\Bandwidth Monitor Pro\
    ProcessID          : 144
    ThreadCreationTime : 4-2-2005 4:38:07 PM
    BasePriority       : Normal
    FileVersion        : 1.29
    ProductVersion     : 1.29
    ProductName        : Bandwidth Monitor Pro
    CompanyName        : Pro²soft
    FileDescription    : Displays and logs your network adapters bandwidth usage
    InternalName       : Bandwidth Monitor Pro
    LegalCopyright     : 2002-2003 Sindre Helleseth
    OriginalFilename   : Bandwidth Monitor Pro.exe
    Comments           : Displays and logs your network adapters bandwidth usage

#:33 [hpqtra08.exe]
    FilePath           : C:\Program Files\HP\Digital Imaging\bin\
    ProcessID          : 284
    ThreadCreationTime : 4-2-2005 4:38:10 PM
    BasePriority       : Normal
    FileVersion        : 5.31.0.147
    ProductVersion     : 005.031.000.147
    ProductName        : hp digital imaging - hp all-in-one series
    CompanyName        : Hewlett-Packard Co.
    FileDescription    : HP Digital Imaging Monitor (CUE)
    InternalName       : HPQTRA00
    LegalCopyright     : Copyright (C) Hewlett-Packard Co. 1995-2001
    OriginalFilename   : HPQTRA00.EXE
    Comments           : HP Digital Imaging Monitor (CUE)

#:34 [backweb-137903.exe]
    FilePath           : C:\Program Files\Updates from HP\137903\Program\
    ProcessID          : 420
    ThreadCreationTime : 4-2-2005 4:38:11 PM
    BasePriority       : Normal


#:35 [photoshopelementsfileagent.exe]
    FilePath           : C:\Program Files\Adobe\Photoshop Elements 3.0\
    ProcessID          : 1184
    ThreadCreationTime : 4-2-2005 4:38:51 PM
    BasePriority       : Normal


#:36 [avgamsvr.exe]
    FilePath           : C:\PROGRA~1\Grisoft\AVG7\
    ProcessID          : 1404
    ThreadCreationTime : 4-2-2005 4:38:51 PM
    BasePriority       : Normal
    FileVersion        : 7,0,0,303
    ProductVersion     : 7.0.0.303
    ProductName        : AVG Anti-Virus System
    CompanyName        : GRISOFT, s.r.o.
    FileDescription    : AVG Alert Manager
    InternalName       : avgamsvr
    LegalCopyright     : Copyright © 2004, GRISOFT, s.r.o.
    OriginalFilename   : avgamsvr.EXE

#:37 [avgupsvc.exe]
    FilePath           : C:\PROGRA~1\Grisoft\AVG7\
    ProcessID          : 1448
    ThreadCreationTime : 4-2-2005 4:38:52 PM
    BasePriority       : Normal
    FileVersion        : 7,0,0,301
    ProductVersion     : 7.0.0.301
    ProductName        : AVG 7.0 Anti-Virus System
    CompanyName        : GRISOFT, s.r.o.
    FileDescription    : AVG Update Service
    InternalName       : avgupsvc
    LegalCopyright     : Copyright © 2004, GRISOFT, s.r.o.
    OriginalFilename   : avgupdsvc.EXE

#:38 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1380
    ThreadCreationTime : 4-2-2005 4:38:52 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:39 [mdm.exe]
    FilePath           : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
    ProcessID          : 1264
    ThreadCreationTime : 4-2-2005 4:38:52 PM
    BasePriority       : Normal
    FileVersion        : 7.00.9064.9150
    ProductVersion     : 7.00.9064.9150
    ProductName        : Microsoft Development Environment
    CompanyName        : Microsoft Corporation
    FileDescription    : Machine Debug Manager
    InternalName       : mdm.exe
    LegalCopyright     : Copyright (C) Microsoft Corp. 1997-2000
    OriginalFilename   : mdm.exe

#:40 [photoshopelementsdeviceconnect.exe]
    FilePath           : C:\Program Files\Adobe\Photoshop Elements 3.0\
    ProcessID          : 1620
    ThreadCreationTime : 4-2-2005 4:38:52 PM
    BasePriority       : Normal


#:41 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1860
    ThreadCreationTime : 4-2-2005 4:38:53 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:42 [wdfmgr.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 2164
    ThreadCreationTime : 4-2-2005 4:38:56 PM
    BasePriority       : Normal
    FileVersion        : 5.2.3790.1230 built by: DNSRV(bld4act)
    ProductVersion     : 5.2.3790.1230
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows User Mode Driver Manager
    InternalName       : WdfMgr
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : WdfMgr.exe

#:43 [alg.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 2924
    ThreadCreationTime : 4-2-2005 4:39:05 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Application Layer Gateway Service
    InternalName       : ALG.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : ALG.exe

#:44 [ad-aware.exe]
    FilePath           : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID          : 1068
    ThreadCreationTime : 4-2-2005 5:38:01 PM
    BasePriority       : Normal
    FileVersion        : 6.2.0.206
    ProductVersion     : VI.Second Edition
    ProductName        : Lavasoft Ad-Aware SE
    CompanyName        : Lavasoft Sweden
    FileDescription    : Ad-Aware SE Core application
    InternalName       : Ad-Aware.exe
    LegalCopyright     : Copyright © Lavasoft Sweden
    OriginalFilename   : Ad-Aware.exe
    Comments           : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27



Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : pruthvi@doubleclick[1].txt
    Category           : Data Miner
    Comment            : 
    Value              : C:\Documents and Settings\Pruthvi\Cookies\pruthvi@doubleclick[1].txt

 WindUpdates Object Recognized!
    Type               : File
    Data               : A0032742.exe
    Category           : Malware
    Comment            : 
    Object             : C:\System Volume Information\_restore{BD0E40D2-3674-40FC-BA13-3F1DB772E671}\RP70\



 VX2 Object Recognized!
    Type               : File
    Data               : A0034799.exe
    Category           : Malware
    Comment            : 
    Object             : C:\System Volume Information\_restore{BD0E40D2-3674-40FC-BA13-3F1DB772E671}\RP83\
    FileVersion        : 1, 0, 2, 17
    ProductVersion     : 0, 0, 7, 0
    ProductName        : TODO: <Product name>
    CompanyName        : TODO: <Company name>
    FileDescription    : TODO: <File description>
    LegalCopyright     : TODO: (c) <Company name>.  All rights reserved.


 VX2 Object Recognized!
    Type               : File
    Data               : A0034800.dll
    Category           : Malware
    Comment            : 
    Object             : C:\System Volume Information\_restore{BD0E40D2-3674-40FC-BA13-3F1DB772E671}\RP83\
    FileVersion        : 0, 9, 4, 67
    ProductVersion     : 0, 9, 4, 67
    ProductName        : btgrab
    CompanyName        : BTGrab
    FileDescription    : www.btgrab.com
    LegalCopyright     : Copyright © 2004
    OriginalFilename   : btgrab.dll
    Comments           : www.btgrab.com


 H@tKeysH@@k Object Recognized!
    Type               : File
    Data               : A0034801.DLL
    Category           : Data Miner
    Comment            : 
    Object             : C:\System Volume Information\_restore{BD0E40D2-3674-40FC-BA13-3F1DB772E671}\RP83\



 WindUpdates Object Recognized!
    Type               : File
    Data               : A0034802.vxd
    Category           : Malware
    Comment            : 
    Object             : C:\System Volume Information\_restore{BD0E40D2-3674-40FC-BA13-3F1DB772E671}\RP83\



 BargainBuddy Object Recognized!
    Type               : File
    Data               : A0034803.exe
    Category           : Malware
    Comment            : 
    Object             : C:\System Volume Information\_restore{BD0E40D2-3674-40FC-BA13-3F1DB772E671}\RP83\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34


Deep scanning and examining files (D
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34


Deep scanning and examining files (M
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for M:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34


Deep scanning and examining files (N
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for N:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34


Deep scanning and examining files (O
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for O:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 34




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 VX2 Object Recognized!
    Type               : RegValue
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\internet explorer\toolbar\webbrowser
    Value              : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 35

11:27:43 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:18:33.109
Objects scanned:286283
Objects identified:8
Objects ignored:0
New critical objects:8


thank you.


----------



## prathap_lab (Apr 2, 2005)

hi,
    but still hotmail.com and microsoft.com are not opening.
    i am accessing my hotmail account from msn explorer.

thank you.


----------



## swatkat (Apr 3, 2005)

Now, do those websites open or not?
Also, do a scan with Trojan Hunter.
*www.trojanhunter.com/


----------



## prathap_lab (Apr 3, 2005)

hi,
   i installed trojan hunter. it scanned, found some infection and fixed it.

 but still i am not able to open microsoft.com & hotmail.com

i even downloaded and installed firefox. but these 2 sites won't open in firefox also. it gave alert message "The document contains no data."

helpppp.

thank you.


----------



## swatkat (Apr 3, 2005)

Do you have any Firewall or AdBlocker installed? If yes, turn the Ad-Blocking feature OFF in Firewall or AdBlocker and then try.
You seem to have a lot of _baddies_. Do you have a fast internet connection? If yes, perform an Online Virus scan at TrendMicro HouseCall.
*housecall.trendmicro.com/


Then, perform a Spyware scan at eTrust PestPatrol. This Spyware scan does not remove any spyware it finds, but only lists them, so post back the results.
*store.ca.com/dr/v2/ec_main.entry25?page=freePestPatrolScan&client=ComputerAssociates&sid=35715


----------



## prathap_lab (Apr 3, 2005)

hi,
   i have only winxp sp2 firewall and spywareblaster.
   what should i do???
thank you.


----------



## swatkat (Apr 3, 2005)

First try this: disable popup blocking in Internet Explorer and FireFox.
In IE, go to Tools> Popup Blocker> Turn off popup blocking. In FireFox, go to Tools> Options> Web Features, and then uncheck popup blocking.

If this doesn't fix the problem, get LSPFix and post a screenshot of it. Don't remove anything there!
*www.cexx.org/lspfix.htm


----------



## prathap_lab (Apr 3, 2005)

hi,
    online scan at TrendMicro found some infection and cleared it.

    even after turning off the popup blocking in IE and firefox the page did not open.

here is the screenshot of LSPFix:

*img125.exs.cx/img125/7615/lspfix8iz.jpg


----------



## swatkat (Apr 3, 2005)

Winsock layers are alright....
Do try this:-
Open FireFox, and in the address bar, type *about:config* and press ENTER.
Then in the _Filter_ box, copy and paste this text:-
*browser.xul.error_pages.enabled*
This will display the corresponding Filters, then set its *Value* to "True".
Also, disable Windows Firewall and check with FireFox and IE.

Then, download CWShredder, and install it. Reboot in SAFE Mode and scan your computer using it.
*cwshredder.net/bin/CWShredder.exe


----------



## prathap_lab (Apr 3, 2005)

hi,
    i changed the value to true. but the site did not open.
    i switched off the firewall, even then the site did not open (both in IE & firefox).
    i have downloaded the cwshredder. i will install it, run the scan and post the result later.

   this time in firefox i got this error when trying to open the site.

*img203.exs.cx/img203/2452/firefox7lj.jpg

thank you.


----------



## prathap_lab (Apr 3, 2005)

hi,
   scanned the system using CWshredder. it did not find any infection.
   the problem is still present.

thank you.


----------



## swatkat (Apr 4, 2005)

Do try this:-
Go to Start> Run and type *netsh winsock reset* and press ENTER.


----------



## ashnet (Apr 4, 2005)

Hi,

How do you connect to the internet? are you using a dial-up connection or broadband connection?
rename the hosts file  & then restart the computer.
please ping the url and the ip address by going to the command prompt and post the ping statistics.
if you are getting ping successful when you ping the url and the ip address. please repair IE
if the issue still persists, perform a telnet test
type "telnet www.yahoo.com 80" at the command prompt and press enter.
if you get the result could not open connection to port 80 then you need to disable the firewall. ( as win xp SP2 by default has a firewall enabled)
also try disabling the anti-virus software


----------
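The checks in the post above (ping the name, ping the address, then `telnet` to port 80) separate three layers, and the Firefox message quoted earlier in the thread ("The document contains no data.") is a fourth outcome: the connection opens but nothing comes back. The following is an added example, not code from any poster; `check_site` and its stage names are hypothetical, and the resolver and connector are injectable so each stage can be exercised offline.

```python
import socket


def check_site(host, port=80, timeout=5.0,
               resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Walk the layers a browser needs and report the first one that fails.

    Returns (stage, detail); stage is one of
    dns-failed, tcp-failed, empty-reply, not-http, ok.
    """
    # Layer 1: name resolution. A failure here points at DNS settings or the
    # hosts file, not at the browser.
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return "dns-failed", str(exc)
    address = infos[0][4][0]

    # Layer 2: TCP handshake to the web port (the "telnet host 80" test).
    try:
        conn = connect((address, port), timeout)
    except OSError as exc:  # refused, unreachable or timed out
        return "tcp-failed", f"{address}:{port} {exc}"

    # Layer 3: send a minimal request and see whether any bytes return.
    with conn:
        try:
            conn.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii"))
            reply = conn.recv(1024)
        except OSError as exc:  # reset or timeout after the handshake
            return "empty-reply", f"{address}:{port} {exc}"
    if not reply:
        # Connected, then closed with no data: the case the browser reports
        # as a document that "contains no data".
        return "empty-reply", f"{address}:{port} closed without sending data"
    if not reply.startswith(b"HTTP/"):
        return "not-http", repr(reply[:40])
    return "ok", reply.split(b"\r\n", 1)[0].decode("latin-1")


if __name__ == "__main__":
    # Offline demo: a loopback listener that accepts one connection and closes
    # it without answering, which reproduces the empty-reply stage.
    import threading

    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)

    def accept_and_close():
        peer, _ = listener.accept()
        peer.recv(1024)
        peer.close()

    threading.Thread(target=accept_and_close, daemon=True).start()
    print(check_site("127.0.0.1", listener.getsockname()[1]))
```

A `tcp-failed` result on every site suggests a firewall or routing problem, while `empty-reply` on only some sites points at something between the socket and the server, such as a filter or a packet-size problem.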



## djmykey (Apr 4, 2005)

me too facing similar problems even imageshack isnt opening. im dead man. pls help me my hijack this log file

Logfile of HijackThis v1.99.1
Scan saved at 8:51:48 AM, on 4/4/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Media Player\mplayer2.exe
C:\Program Files\DAP\DAP.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\Mec_2\Desktop\HijackThis.exe

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA74D3E8-7DDB-4658-A085-F4015F7166D8}: NameServer = 61.1.96.69 61.1.96.71
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

pls tell me what to do.


----------
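A HijackThis log like the one posted above is easier to review once it is split by section code. The following is an added example, not part of the thread or of HijackThis itself: it parses an excerpt of that log, pulls out the registry autostart (O4) and DNS (O17) entries, and lists running images outside the OS and Program Files trees. The function names and the path heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted above (shortened for the example).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:51:48 AM, on 4/4/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\DAP\DAP.exe
C:\Documents and Settings\Mec_2\Desktop\HijackThis.exe

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA74D3E8-7DDB-4658-A085-F4015F7166D8}: NameServer = 61.1.96.69 61.1.96.71
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
O4_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\([^:]+): \[(.+?)\] (.+)$")
O17_RE = re.compile(r"^(.+?): (\w+) = (.+)$")

# Sections that can change where browser traffic goes:
# O1 = hosts file redirections, O10 = Winsock LSP changes, O17 = DNS settings.
NETWORK_SECTIONS = ("O1", "O10", "O17")


def parse_hijackthis(text):
    """Return (running processes, {section code: [entry bodies]})."""
    processes, sections = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        entry = ENTRY_RE.match(line)
        if in_processes and line and not entry:
            processes.append(line)
            continue
        in_processes = False  # a blank line or the first entry ends the list
        if entry:
            sections[entry.group(1)].append(entry.group(2))
    return processes, dict(sections)


def autoruns(sections):
    """Return (hive, key, name, command) for each O4 registry autostart."""
    parsed = []
    for body in sections.get("O4", []):
        match = O4_RE.match(body)
        # Startup-folder entries use another layout; keep those raw.
        parsed.append(match.groups() if match else (None, None, None, body))
    return parsed


def dns_servers(sections):
    """Map each O17 NameServer key to its resolver addresses."""
    servers = {}
    for body in sections.get("O17", []):
        match = O17_RE.match(body)
        if match and match.group(2).lower() == "nameserver":
            servers[match.group(1)] = re.split(r"[ ,]+", match.group(3).strip())
    return servers


def network_entries(sections):
    """Entries from the sections that affect name resolution or sockets."""
    return {code: sections[code] for code in NETWORK_SECTIONS if code in sections}


def processes_outside(processes,
                      roots=("c:\\winnt\\", "c:\\windows\\", "c:\\program files\\")):
    """Heuristic (assumption): images outside these trees deserve a look."""
    return [p for p in processes if not p.lower().startswith(roots)]


if __name__ == "__main__":
    procs, secs = parse_hijackthis(SAMPLE_LOG)
    print("DNS servers to compare with the ISP's:", dns_servers(secs))
    print("Autostarts:", [name for _, _, name, _ in autoruns(secs)])
    print("Outside system trees:", processes_outside(procs))
```

For a "sites not opening" report, the O17 addresses are the ones to compare against what the ISP actually assigns; the path heuristic only narrows what to read first and will flag harmless tools run from the desktop.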



## djmykey (Apr 4, 2005)

Sorry but Spybot did the trick. Thanks swatkat for all those suggestions and support man. U dunno u saved me a lot of dilemma man thanks.


----------



## swatkat (Apr 4, 2005)

@djmykey, HJT log is alright, but update Internet Explorer to 6 SP1. Also, what did SpyBot SnD remove?


----------



## prathap_lab (Apr 4, 2005)

hi,

   @ashnet: i use bsnl's dataone broadband connection.
   ping gave "Request timed out" error.

   @swatkat: even after executing that cmd, no progress.

thank you.


----------



## djmykey (Apr 4, 2005)

Why am I supposed to update to IE 6, swatkat pls clear some things for me na?? And I'm still facing some problems for some sites.


----------



## swatkat (Apr 4, 2005)

This may be happening because the connection is being dropped due to the higher size of packets.

Both of you, download Dr.TCP and post a screenshot of it.
*www.dslreports.com/drtcp?nav=12

If you have MaxMTU as "1500" make it as "1492" and check with the WebPages. If this does not work, change the size to "1472".

But before doing this, go to Start> Run and type *regedit* and press ENTER.
There click File> Export, and here type a file name and export the WHOLE registry.


----------



## prathap_lab (Apr 4, 2005)

hi,
    swatkat here is the screenshot.

*img185.exs.cx/img185/7082/tcp8rj.jpg   

    but it is not showing anything.
    even after changing the value of MaxMTU to 1492 or 1472, the problem still persists.
   now do i have to import the registry?

thank you.


----------



## swatkat (Apr 5, 2005)

Where did you enter the MTU value? Enter the MTU value in _Dial Up (RAS) MTU_ box and click "Save" and reboot.
If you want to revert back, then delete the entered number and click Save and reboot.

Also, if you keep on refreshing the page, do they load?


----------



## prathap_lab (Apr 5, 2005)

hi,
    i tried that also. but it was of no use. the problem still persists.

    i am getting frustrated.    don't know what to do.

thank you.


----------



## djmykey (Apr 5, 2005)

swatkat ie6 sp1 is not getting installed on my machine and whenever i want to check my yahoo mail i gotta run spybot first and then i can check my mail.
the entry it deletes is 

DSO Exploit 

HKEY_USERS\S-1-5-21-606747145-1957994488-1708537768-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

It shows it as a registry change. Pls help me man coz my dad's killing me.


----------



## it_waaznt_me (Apr 6, 2005)

Nah .. You don't have to remove this entry as this is a Bug in Spybot SnD itself ..  You don't have to worry about it while the Zone ID is 3 ..  ...


----------



## digen (Apr 6, 2005)

> The DSO Exploit is a security gap in IE. Microsoft did already repair this, so if you have all Windows updates and patches installed, it will not be dangerous for your system. Spybot S&D will still find it, because it contains an invalid value. Spybot S&D just has to reset that value. Unfortunately, in the current version, it sets again an incorrect value, so it is found in the next scan. Please update your main program.



mike download the fix from here


----------



## swatkat (Apr 6, 2005)

@prathap, Well, this may be the problem with the ISP itself.
Anyway, try these steps:-
1] Open IE, go to Tools> Internet Options. Here click "Advanced" tab, and CHECK these items:-
a] Use HTTP 1.1
b] Use HTTP 1.1 through Proxy
c] Use SSL 2.0
d] Use SSL 3.0
And UNCHECK this entry:-
a] Enable third party browser extension.

2] Download and install RefreshIE and configure it to refresh the page. Please read the instructions in their site.
*www.iansharpe.com/refreshie2help.php

@digen, That DSO Exploit Fix in MajorGeeks is an internal Test version (TX version) and is not a final release.
But installing SpyBot SnD 1.3 and updating it would solve the problem.


----------



## prathap_lab (Apr 7, 2005)

hi,
    swatkat i can open microsoft.com now. see the screenshot and you will come to know the reason for the problem.

*img79.exs.cx/img79/2999/virus6xw.jpg

*thank you very very much* for your help swatkat. man, you are like a database of solutions. you have taught me so much.

thank you once again for your time and help.

thank you.


----------



## djmykey (Apr 7, 2005)

Hey ppl removing that dso exploit works for me but still i cant browse ms sites and also imageshack tho yahoo works kinda crippled for me. pls help me. Btw im now on win 98.


----------



## swatkat (Apr 7, 2005)

prathap_lab said:

> hi,
> swatkat i can open microsoft.com now. see the screenshot and you will come to know the reason for the problem.
> 
> *img79.exs.cx/img79/2999/virus6xw.jpg
> ...


wow....i am glad that your problem is solved!  
Did you make those changes in IE options mentioned in my above post?
To make sure that everything is clean, you have to remove the Java JAR Cache, follow the instructions here.
*java.com/en/download/help/cache_virus.xml


----------



## prathap_lab (Apr 9, 2005)

hi,
    sorry for late reply. there was some problem with bsnl's dataone.

    i did not make the changes in IE options. even without doing it started to work. should i make those changes now?

i cleaned the java JAR cache and now every thing is fine.

thank you.


----------



## swatkat (Apr 9, 2005)

There is no need to make those changes in IE if everything's working fine.


----------



## djmykey (Apr 10, 2005)

Hey ppl I'm still unable to browse yahoo properly it gets stuck at f11.yahoo something. pls help me.


----------



## swatkat (Apr 10, 2005)

@dj, Ya, that's some problem with Yahoo.
Which browser are you using? I think IE asks you that "some script is running very slow" and it gives you an option to disable that script, if you disable it, site will open.
Try this in IE:-
Go to Tools> Internet Options, here click _Advanced_ tab and UNCHECK "Enable third party browser extension" option.


----------



## prathap_lab (Apr 10, 2005)

hi,
    swatkat the problem is occurring again. i don't know what to do.
    i know i am wasting your time. sorry for that.
    this time just posting to tell you. that's all.
    i even changed the IE options that you had mentioned and the virus is also not present in the system. i think it's my bad luck.
    don't bother to reply.
 thank you.


----------



## swatkat (Apr 10, 2005)

That may be the problem with your Internet Service Provider. Anyway, try with Opera!
*www.opera.com/download/


----------



## prathap_lab (Apr 11, 2005)

hi,
    swatkat even the link
   *www.opera.com/download/
   is not opening.
thank you.


----------



## swatkat (Apr 11, 2005)

Hmm....rename all your HOSTS files (to something like HOSTSOld ) and then try.

Also, try this, perform a Spyware scan at eTrust PestPatrol (this requires Internet Explorer), and post the result it gives.
*store.ca.com/dr/v2/ec_main.entry25?page=freePestPatrolScan&client=ComputerAssociates&sid=35715


----------
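Before a HOSTS file is renamed out of the way, as suggested above, its contents can be audited to see whether it explains the failing sites: any name pinned there bypasses DNS, and a name pinned to a loopback or unspecified address cannot load. The following is an added example, not code from the thread; the sample file is constructed, and `audit_hosts`, the `watch` list and the finding kinds are hypothetical names.

```python
import ipaddress
import sys
from collections import namedtuple

# Constructed sample (not the poster's file): the stock localhost line plus
# entries of the kind that make specific sites fail to load.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.microsoft.com
0.0.0.0         hotmail.com www.hotmail.com   # two names on one line
203.0.113.7     download.example.org
not-an-ip       broken.example
"""

Finding = namedtuple("Finding", "line kind name address watched")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line number, address, [names]) for every mapping line."""
    text = text.lstrip("\ufeff")  # a BOM left by some editors breaks line 1
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line:
            address, *names = line.split()
            yield number, address, names


def is_watched(name, watch):
    """True if name is one of the watched domains or a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == domain or name.endswith("." + domain) for domain in watch)


def audit_hosts(text, watch=()):
    """Classify every non-local mapping.

    kind is 'blocked' (loopback or unspecified address), 'override' (pinned
    to some other address; may be a legitimate static entry) or 'malformed'.
    """
    watch = [domain.lower().rstrip(".") for domain in watch]
    findings = []
    for number, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            kind = "malformed"
        else:
            kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "override"
        for name in names or [""]:
            if kind != "malformed" and name.lower() in LOCAL_NAMES:
                continue  # the expected localhost mapping
            findings.append(Finding(number, kind, name, address,
                                    is_watched(name, watch)))
    return findings


if __name__ == "__main__":
    # Pass the real path (C:\WINDOWS\system32\drivers\etc\hosts in this
    # thread) as the first argument; without one the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            content = handle.read()
    else:
        content = SAMPLE_HOSTS
    for finding in audit_hosts(content, watch=["microsoft.com", "hotmail.com"]):
        flag = "  <-- matches a failing site" if finding.watched else ""
        print(f"line {finding.line}: {finding.kind:9} {finding.name} -> {finding.address}{flag}")
```

Only the copy under `system32\drivers\etc` is consulted by the resolver; the other HOSTS files found by the search earlier in the thread are installer copies or tool data.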



## djmykey (Apr 11, 2005)

prathap what os are you on. if ur on win xp then update to sp2 i think that plugs most of the things and ull be fine and also use a firewall ok. ill get back to u in a day or two.


----------



## prathap_lab (Apr 12, 2005)

hi,
    swatkat i will try the things you have told. but before that i had something to tell.
    the sites which are not opening in WinXP are opening in linux. i even downloaded for microsoft.com. 
    so i think it is OS problem ie.. problem with WinXP.
   @djmykey, my OS is Win XP home edition with SP2.
thank you.


----------



## digen (Apr 13, 2005)

This may be of little or no help, but can you check your event viewer logs?
Start>run>eventvwr
Check the logs under system & application.


----------



## prathap_lab (Apr 13, 2005)

hi,
   digen.  what am i supposed to find there?
thank you.


----------



## swatkat (Apr 13, 2005)

Have you performed the Online Spyware scan at PestPatrol?
Install ZoneAlarm Free Firewall and then allow only Browsers and AntiVirus to connect to internet.
*www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp


----------



## digen (Apr 14, 2005)

prathap_lab said:

> hi,
> digen.  what am i supposed to find there?
> thank you.


Note any errors along with their EventId.


```
Event Types
The description of each event that is logged depends on the type of event. Each event in a log can be classified into one of the following types: 
•	Information 

An event that describes the successful operation of a task, such as an application, driver, or service. For example, an Information event is logged when a network driver loads successfully. 	
•	Warning 

An event that is not necessarily significant, however, may indicate the possible occurrence of a future problem. For example, a Warning message is logged when disk space starts to run low. 	
•	Error 

An event that describes a significant problem, such as the failure of a critical task. Error events may involve data loss or loss of functionality. For example, an Error event is logged if a service fails to load during startup.
```

You can learn more about event viewer from here: *support.microsoft.com/default.aspx?scid=kb;en-us;308427&sd=tech


----------



## prathap_lab (Apr 14, 2005)

hi,
    swatkat see the result of  the scan.

*img137.echo.cx/img137/1566/et0po.jpg

thank you.


----------



## prathap_lab (Apr 14, 2005)

hi,
    digen this is my event log.

*img226.echo.cx/img226/6080/app2pa.jpg


*img93.echo.cx/img93/1366/sys1iu.jpg

thank you.


----------



## swatkat (Apr 14, 2005)

You still have some Spywares which degrade the IE and System performance like TwainTech, Media Pass etc.

Do this:-

Boot in SAFE mode. Go to Control Panel> Add\Remove Programs. Here uninstall these things, if you find them:-
1]Wind Updates
2] Twain-Tech
3] LimeWire
4] Kazaa
5] Xolox
5] BearShare
6] MediaPass
7] BTGrab

Run CCleaner and CleanUp! (both) and then reboot.
CCleaner
CleanUp!

Get RegSupreme (not Pro) and then, run it (it asks for cache optimization, agree to it). Then click "Deep" scan and remove the junk it shows.
*www.macecraft.com/regsupreme/

If you can not find any of the above listed Spywares in Add/Remove list, inform the same. Uninstall those P2P apps for now, later when everything's become alright, you can reinstall good P2P tools like Shareaza.


----------



## digen (Apr 14, 2005)

Not only does he still have loads of scumware but also some worries with event id 1007.
Here are the possibilities for the error,
*eventid.net/display.asp?eventid=1007

I won't bother about the 4226 warning, it's a concurrent connections fix imposed after installing/updating sp2. You can calmly leave this warning aside.


----------



## prathap_lab (Apr 14, 2005)

hi,
    swatkat except Limewire i dont have the other app. listed there. don't know why it is showing those. 
    the limewire which i have is PRO version ie.. without ads.
    anyway i have downloaded cleanUp and regsupreme and i will follow the procedure.

    digen: my errors are due to DHCP.
thank you.


----------



## prathap_lab (Apr 14, 2005)

hi,
   swatkat i followed the procedure. cleaned the registry and the system.
   but the problem still persists.
   and the entries to the above detected app. were not present in Add/Remove except for limewire.

p2p s/w which i use : limewire pro, shareaza, emule plus.

thank you.


----------



## djmykey (Apr 15, 2005)

ok prathap I know this thing sounds kinda weird but still I wanted to share this with you. LimeWire gave me also problems. That java thingy $crewed my pc man. So I junked it. My pick is that u use ares instead its nice I'm using it out here and mind u u get almost the same results (search results) as u get in Limewire. Remove limewire and that java thingy and then clean ur pc for ads viruses then ull be good. just my 2 cents hope ur problem is solved.


----------



## swatkat (Apr 15, 2005)

Can you post the ZoneAlarm Log file content?

Also, go to Command Prompt, and type this command *netsh int ip reset c:\resetlog.txt* and press ENTER. (Don't lose that resetlog.txt file!)
Check with the error.

Then run SpyBot SnD and click "Check For Problems" and delete all the entries it finds.
*www.safer-networking.org/en/download/


----------



## prathap_lab (Apr 15, 2005)

hi,
    swatkat i executed the cmd: "netsh int ip reset c:\resetlog.txt"
    the file is created. i am not able to understand any thing in that file. i am posting its contents.

```
reset   SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation
            old REG_MULTI_SZ =
                SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain
                SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain

added   SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{21EF79FB-807F-445B-9363-A33A0F2C39D1}\NetbiosOptions
reset   SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{243A2E8F-DAE1-4992-AD45-996F6F696521}\NameServerList
            old REG_MULTI_SZ =
                <empty>

added   SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{243A2E8F-DAE1-4992-AD45-996F6F696521}\NetbiosOptions
reset   SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{38DFAE0A-7392-42EA-A124-75EB30AEB6B3}\NameServerList
            old REG_MULTI_SZ =
                <empty>

reset   SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{38DFAE0A-7392-42EA-A124-75EB30AEB6B3}\NetbiosOptions
            old REG_DWORD = 2

reset   SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{CD142DC8-4C9D-4B01-B1CD-956D6C90723F}\NameServerList
            old REG_MULTI_SZ =
                <empty>

added   SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{CD142DC8-4C9D-4B01-B1CD-956D6C90723F}\NetbiosOptions
deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableProxy
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{243A2E8F-DAE1-4992-AD45-996F6F696521}\NameServer
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{38DFAE0A-7392-42EA-A124-75EB30AEB6B3}\NameServer
added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C765974-62C3-4DD7-B3DA-599CF89F2912}\AddressType
added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C765974-62C3-4DD7-B3DA-599CF89F2912}\DisableDynamicUpdate
reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C765974-62C3-4DD7-B3DA-599CF89F2912}\RawIpAllowedProtocols
            old REG_MULTI_SZ =
                0

reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C765974-62C3-4DD7-B3DA-599CF89F2912}\TcpAllowedPorts
            old REG_MULTI_SZ =
                0

reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C765974-62C3-4DD7-B3DA-599CF89F2912}\UdpAllowedPorts
            old REG_MULTI_SZ =
                0

added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4A1FFD93-B6EA-4260-87B4-ABB084F93E3A}\AddressType
added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4A1FFD93-B6EA-4260-87B4-ABB084F93E3A}\DisableDynamicUpdate
reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4A1FFD93-B6EA-4260-87B4-ABB084F93E3A}\RawIpAllowedProtocols
            old REG_MULTI_SZ =
                0

reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4A1FFD93-B6EA-4260-87B4-ABB084F93E3A}\TcpAllowedPorts
            old REG_MULTI_SZ =
                0

reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4A1FFD93-B6EA-4260-87B4-ABB084F93E3A}\UdpAllowedPorts
            old REG_MULTI_SZ =
                0

reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C125253-5E69-40F7-B9E5-99873F26EE0F}\AddressType
            old REG_DWORD = 1

added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C125253-5E69-40F7-B9E5-99873F26EE0F}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C125253-5E69-40F7-B9E5-99873F26EE0F}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C125253-5E69-40F7-B9E5-99873F26EE0F}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C125253-5E69-40F7-B9E5-99873F26EE0F}\IpAutoconfigurationSeed
reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C125253-5E69-40F7-B9E5-99873F26EE0F}\RawIpAllowedProtocols
            old REG_MULTI_SZ =
                0

reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C125253-5E69-40F7-B9E5-99873F26EE0F}\TcpAllowedPorts
            old REG_MULTI_SZ =
                0

reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C125253-5E69-40F7-B9E5-99873F26EE0F}\UdpAllowedPorts
            old REG_MULTI_SZ =
                0

added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{915AC60A-413B-44C3-B9D0-E60D64DCCDCE}\AddressType
added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{915AC60A-413B-44C3-B9D0-E60D64DCCDCE}\DisableDynamicUpdate
reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{915AC60A-413B-44C3-B9D0-E60D64DCCDCE}\RawIpAllowedProtocols
            old REG_MULTI_SZ =
                0

reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{915AC60A-413B-44C3-B9D0-E60D64DCCDCE}\TcpAllowedPorts
            old REG_MULTI_SZ =
                0

reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{915AC60A-413B-44C3-B9D0-E60D64DCCDCE}\UdpAllowedPorts
            old REG_MULTI_SZ =
                0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD142DC8-4C9D-4B01-B1CD-956D6C90723F}\NameServer
added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E8CCDBA6-F449-4784-A78F-1A34DFD88A16}\AddressType
added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E8CCDBA6-F449-4784-A78F-1A34DFD88A16}\DisableDynamicUpdate
reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E8CCDBA6-F449-4784-A78F-1A34DFD88A16}\RawIpAllowedProtocols
            old REG_MULTI_SZ =
                0

reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E8CCDBA6-F449-4784-A78F-1A34DFD88A16}\TcpAllowedPorts
            old REG_MULTI_SZ =
                0

reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E8CCDBA6-F449-4784-A78F-1A34DFD88A16}\UdpAllowedPorts
            old REG_MULTI_SZ =
                0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableIcmpRedirect
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
reset   Linkage\UpperBind for PCI\VEN_10EC&DEV_8139&SUBSYS_80B31043&REV_10\4&239BD86&0&78F0.  bad value was:
            REG_MULTI_SZ =
                PSched

reset   Linkage\UpperBind for ROOT\MS_NDISWANIP\0000.  bad value was:
            REG_MULTI_SZ =
                PSched

<completed>
```







   hi djmykey what do you mean by java thingy?

thank you.


----------
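
The log posted above records what `netsh int ip reset` changed in the registry: each record starts with `reset`, `added` or `deleted` and a key path, and indented lines carry the previous value. As an added example (not part of the thread; the sample log and its GUIDs are constructed), this Python script parses that format and picks out the name-resolution values worth re-checking after a reset.

```python
import re
from collections import Counter

# Constructed sample in the format of a `netsh int ip reset` log.
# The GUIDs are made up for this example, not taken from the thread.
SAMPLE_LOG = r"""
reset   SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{11111111-AAAA-4BBB-8CCC-000000000001}\NameServerList
            old REG_MULTI_SZ =
                <empty>

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-AAAA-4BBB-8CCC-000000000001}\NameServer
added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{22222222-AAAA-4BBB-8CCC-000000000002}\AddressType
reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{22222222-AAAA-4BBB-8CCC-000000000002}\TcpAllowedPorts
            old REG_MULTI_SZ =
                0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
reset   Linkage\UpperBind for ROOT\MS_NDISWANIP\0000.  bad value was:
            REG_MULTI_SZ =
                PSched

<completed>
"""

ENTRY = re.compile(r"^(reset|added|deleted)\s+(\S.*?)\s*$")   # record starts at column 0
OLD = re.compile(r"^(?:old\s+)?(REG_\w+)\s*=\s*(.*)$")        # "old REG_DWORD = 2"
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")                    # interface identifier
# NameServer = static DNS servers, SearchList = DNS suffix list,
# NameServerList = NetBT (WINS) servers, EnableLmhosts = LMHOSTS lookup.
NAME_RESOLUTION_VALUES = {"NameServer", "SearchList", "NameServerList", "EnableLmhosts"}

def parse_reset_log(text):
    """Return one dict per change record, with any previous value attached."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "<completed>":
            continue
        m = ENTRY.match(raw)
        if m:
            action, path = m.groups()
            guid = GUID.search(path)
            current = {"action": action, "path": path,
                       "value": path.rsplit("\\", 1)[-1],
                       "interface": guid.group(0) if guid else None,
                       "old_type": None, "old_data": []}
            entries.append(current)
        elif current is not None:          # indented continuation of the last record
            t = OLD.match(line)
            if t:
                current["old_type"] = t.group(1)
                if t.group(2):
                    current["old_data"].append(t.group(2))
            else:
                current["old_data"].append(line)
    return entries

def name_resolution_changes(entries):
    """(action, value name, interface GUID) for DNS/WINS-related records."""
    return [(e["action"], e["value"], e["interface"])
            for e in entries if e["value"] in NAME_RESOLUTION_VALUES]

def counts_by_action(entries):
    return dict(Counter(e["action"] for e in entries))

if __name__ == "__main__":
    parsed = parse_reset_log(SAMPLE_LOG)
    print(counts_by_action(parsed), name_resolution_changes(parsed), sep="\n")
```

A `deleted` record carries no old value, so the log alone cannot say whether a static DNS server had been configured on that interface; compare it against the adapter's TCP/IP properties.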



## swatkat (Apr 15, 2005)

Can you now access those websites?
And, dj was talking about Java WebStart or Microsoft Java VM.


----------



## djmykey (Apr 16, 2005)

prathap i meant that jre named installer which u had to dl for limewire installation. thats supposed to be uninstalled.


----------



## prathap_lab (Apr 16, 2005)

hi,
    i removed Java web start. even then i am not able to open those websites.

hi, djmykey my problem started long before the installation of limewire. so i think it is not the problem.

thank you.


----------



## swatkat (Apr 16, 2005)

When did this problem actually start? Is it after the installation of SP2?


----------



## prathap_lab (Apr 16, 2005)

hi,
    yes. this problem started after sp2 installation. but not soon after its installation. for many days it was working fine. i can't blame sp2 for the problem.

thank you.


----------



## khattam_ (Apr 16, 2005)

prathap_lab said:
			
		

> hi,
> i use only IE. i have never used FireFox or Opera.
> 
> do i have to run hijackThis in safe mode or normal mode??


Please try other Browsers to make sure that it is IE related problem................
And why are you still stuck with IE?? I mean when there are a lot better options available.........................


----------



## prathap_lab (Apr 16, 2005)

hi,
    khattam the post you quoted is a bit old one. now i use IE,FireFox & Opera. but the problem is present in all of them.

thank you.


----------



## swatkat (Apr 16, 2005)

Want some more info. When you open microsoft.com in Opera and FireFox, what happens *now*?

Also, do try this:-
Go to www.google.com
Type microsoft.com in the search field and click "Search".
Then click "Cached" and post back whether the site opens or not.


----------



## prathap_lab (Apr 17, 2005)

hi,
   firefox: stops at "waiting for microsoft.com"
   opera: stops at "sending request to microsoft.com"
   ie: just stops.

  in google the cached site of microsoft opened properly. but then if i click current page in the google it will not open.

thank you.


----------



## khattam_ (Apr 17, 2005)

prathap_lab said:
			
		

> hi,
> khattam the post you quoted is a bit old one. now i use IE,FireFox & Opera. but the problem is present in all of them.
> 
> thank you.


Sorry for that...............

It looks like some application is preventing you from doing this................
Windows XP Firewall??........... Not probably............. But you can disable it to try once............. And try once in safe mode...................
SpywareBlaster?? Not sure.................. Unblock all protection and try once........................................

Thats all I can help for now..............

PS:Sorry but I havent gone through all your posts...............


----------



## swatkat (Apr 17, 2005)

khattam_ said:
			
		

> prathap_lab said:
> 
> 
> 
> ...


khattam, please go through all the posts, we have done these things:-
1] online virus scanning and removal
2] online and offline spyware scan
3] disable windows firewall and he is using ZA
4] use alternate browser like FF, Opera
5] change the size of MTU
6] use RefreshIE
7] Winsock reset
8] TCP/IP Stack reset


But, i have got one clue right now, sites open through Google Cache. This means there is some problem with the BSNL DNS servers.
@prathap, digen knows about this, i will ask him.


----------



## prathap_lab (Apr 17, 2005)

hi
   swatkat,  but other BSNL dataone customers are able to browse the microsoft.com site. i don't understand what is the problem with my system.

 @khattam, no need to ask sorry. i know it is tedious to go through full 5 pages of postings.

thank you.


----------



## swatkat (Apr 17, 2005)

Download and run this:-
*frozenwebhost.com/raw/HOSTFix.exe

After fixing using the above tool, check with the websites and post back.


----------



## pradeep_chauhan (Apr 17, 2005)

I have not read all the posts but i hope the DNS entry in the network connection TCP properties is set.


----------



## digen (Apr 17, 2005)

If the DNS servers have conked out then you face such problems. Like raven on the other day wasn't able to browse a particular site. The problem? ISP's DNS servers!
Can you post here the DNS server addresses from the TCP/IP connection properties?


----------



## prathap_lab (Apr 17, 2005)

hi,
   swatkat HOSTFix is also of no use. i am still not able to browse those sites.

  @digen i got this from TCP/IP connection properties

   *img197.echo.cx/img197/8448/dns6wm.jpg

one question: if there was some problem with ISP then shouldn't that affect all its users? because all other users are able to browse those sites.

thank you.


----------



## pradeep_chauhan (Apr 17, 2005)

I saw the shot. You have not put the DNS server IP. So get the DNS IP from your ISP and add them in the primary DNS and secondary DNS fields. Your problem WILL be solved. In Bangalore the Data One DNS are
Primary DNS 61.1.96.69
Secondary DNS 61.1.96.71


----------



## digen (Apr 17, 2005)

You can also use these 
Primary DNS Server: 203.145.184.13
Alternate DNS Server: 202.56.250.5
They are from my ISP Airtel.


----------



## pradeep_chauhan (Apr 17, 2005)

If the guy is using Data One then it's better to use the BSNL DNS. Why? It will be faster, authentication will not be a problem, and it is probably colocated with the RADIUS or remote authentication server.
Here's the proof:

```
bash-2.05b# ping 203.145.184.13
PING 203.145.184.13 (203.145.184.13) 56(84) bytes of data.
64 bytes from 203.145.184.13: icmp_seq=1 ttl=237 time=313 ms
64 bytes from 203.145.184.13: icmp_seq=2 ttl=237 time=313 ms

bash-2.05b# ping 61.1.96.69
PING 61.1.96.69 (61.1.96.69) 56(84) bytes of data.
64 bytes from 61.1.96.69: icmp_seq=1 ttl=246 time=72.1 ms
64 bytes from 61.1.96.69: icmp_seq=2 ttl=246 time=74.5 ms

bash-2.05b#
```


----------



## prathap_lab (Apr 17, 2005)

hi
   pradeep_chauhan & digen , i put the DNS server address. but even then those sites are not opening.

thank you.


----------



## swatkat (Apr 17, 2005)

Download MWAV and F-Secure BlackLight and scan using them.
Post the result given by MWAV and BlackLight.


----------



## pradeep_chauhan (Apr 17, 2005)

That's strange. Which ISP do you use? Post a shot of the DNS you added. Also, right-click on the network icon and select Repair; this flushes the ARP cache.


----------



## khattam_ (Apr 17, 2005)

Can you open the sites via a Proxy server............. Try once..................... 
Proxy list available at
*www.proxy4free.com/page1.html


----------



## prathap_lab (Apr 17, 2005)

hi 
   pradeep_chauhan, my ISP is BSNL(DataOne).
   For DNS see the screen shot.

*img123.echo.cx/img123/151/dnsup6hm.jpg


   @khattam, i don't know how to use those proxy addresses.

thank you.


----------



## swatkat (Apr 18, 2005)

See here for setting proxy for IE. Did you run MWAV and BlackLight?


----------



## pradeep_chauhan (Apr 18, 2005)

I saw that snap shot enable (select ) clients for Microsoft Networks and File and Printer Shar...........
reboot IT WILL WORK if it does not work i will come to your place NOW and set it right


----------



## prathap_lab (Apr 18, 2005)

hi,
    sorry guys i need some time now. i don't know how but my system got infected by a virus "Worm.Win32.PassMail.10" suddenly and 1000's of files (*.exe) got infected and got deleted. 

    now i have to format the disk, cleanup everything, then setup every thing.
    i will contact you ASAP. please forgive me.   

thank you.


----------



## djmykey (Apr 19, 2005)

prathap pls install sp2 and then install zap and ad aware and then only come online i think if u read this post it will b very late even tho man still do it when u come online ok.


----------



## swatkat (Apr 19, 2005)

As i have seen from the start of the thread, you are having some viruses, trojans and Spywares. After you install the OS, it's better you install these tools, given *here*.


----------



## prathap_lab (Apr 20, 2005)

hi every one,
                      i formatted my system and reinstalled win XP and its SP2.
i also installed all the security softwares necessary. now everything is fine. i am able to browse all the sites, even "microsoft.com".  

thank you every one for your support.

PS: when i formatted my c:, i lost my MBR where Fedora linux was present. now do i have to del. the linux partition and re install it or can i get back my fedora without deleting the partition?

thank you.


----------



## swatkat (Apr 20, 2005)

Use the Fedora CD and boot in the *Rescue Mode* (_you can also type *linux rescue* and press ENTER, to go in Rescue Mode_), and there type the following commands and press ENTER after each one.
```
chroot /mnt/sysimage
grub-install /dev/hda
```

Then reboot.


----------



## pradeep_chauhan (Apr 20, 2005)

Oh no! another cup of tea missed any way maybe some other place some other guy....some other problem....


----------



## prathap_lab (Apr 20, 2005)

hi swatkat,
                  the commands worked. now the fedora is back. i am posting this from fedora.

                  thank you every one for your support.

thank you.


----------



## swatkat (Apr 20, 2005)

Okay. But be sure to update AntiVirus, AntiSpywares ( i am assuming you have installed them!! ) and Windows regularly. And, perform regular scans.


----------



## khattam_ (Apr 20, 2005)

swatkat said:
			
		

> Use the Fedora CD and boot in the *Rescue Mode* (_you can also type *linux rescue* and press ENTER, to go in Rescue Mode_), and there type the following commands and press ENTER after each one.
> ```
> chroot /mnt/sysimage
> grub-install /dev/hda
> ```
> 
> Then reboot.


Are these commands same for Mandrake??


----------



## swatkat (Apr 20, 2005)

Yes, same for all Linux distros. That should be entered in Rescue Mode, that's all.


----------



## djmykey (Apr 21, 2005)

hi prathap, dont 4get to install ZAP now pls do that or else again ull b back to pavilion, ok c to it.


----------



## prathap_lab (Apr 21, 2005)

hi,
    now every thing is working fine.
     i have installed these s/w: NAV2004,Zone Alarm,A squared, SpywareBlaster, Spybot-S&D, Ccleaner, Ad-Aware SE personal.

  i have downloaded regclean & cleanup also but have not installed them yet.

i think this much is enough.

thank you.


----------

