cannot start mspaint

did you reinstall from the xp cd?

Yes. And in fact I was guided by that same link you posted. I even downloaded an earlier version of paint from microsoft download site. But as soon as I put the old version into the system32 folder(along with the older dll files) it changed instantaneously into the newer version. However,if I did not put the older version into system32 I could open this older version of mspaint from any other folder.Even Hijackthis found no dubious process.

post that MBAM log, any showing an infection

Malwarebytes' Anti-Malware 1.25
Database version: 1098
Windows 5.1.2600 Service Pack 3

14:53:52 31/08/2008
mbam-log-08-31-2008 (14-53-52).txt

Scan type: Quick Scan
Objects scanned: 38160
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{0055c089-8582-441b-a0bf-17b458c2a3a8} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0055c089-8582-441b-a0bf-17b458c2a3a8} (Trojan.BHO.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMIECC.dll (Trojan.BHO.H) -> Delete on reboot.

that looks like the remnants of a fairly serious infection

you were using something else to clean with?



sdfix has some registry patches to reverse damage by malware?


are you sure it's only paint affected?

tsakmanager, msconfig, regedit etc

this exact prodedure for atf cleaner and SAS seem to compliment MBAM rather well

All working. And I just found out that Paint is also working, but only in SAFE MODE.

I will now try out those fixes you suggested. Thanks for staying with me.

Ran SDFix. Still the same error.
Here is the SDFix report:

SDFix: Version 1.220
Run by A.CHOWDHURY on 01/09/2008 at 00:19

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\DOCUME~1\A3E45~1.CHO\LOCALS~1\Temp\tmp18.tmp - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 00:23:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eLitecore\\Cyberoam Client for 24Online\\CyberoamClient.exe"="C:\\Program Files\\eLitecore\\Cyberoam Client for 24Online\\CyberoamClient.exe:*:Enabled:24Online Client"
"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="D:\ \Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Ena bled:Yahoo! Messenger"
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="D:\\Progra m Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Ya hoo! FT Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :


Finished!

XP_CodecRepair.inf

is in the sdfix folder

no mspaint tho

[Version]
Signature="$Windows NT$"

[DefaultInstall]
DelReg=RemoveRestrictions
AddReg=ResetRegChanges

[ResetRegChanges]
HKCU,Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced,Start_ShowControlPanel,0x10001,0x00 000002
HKCU,Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced,Start_ShowHelp,0x10001,0x00000001
HKCU,Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced,Start_ShowMyComputer,0x10001,0x0000 0002
HKCU,Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced,Start_ShowMyDocs,0x10001,0x00000001
HKCU,Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced,Start_ShowMyMusic,0x10001,0x0000000 1
HKCU,Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced,Start_ShowMyPics,0x10001,0x00000001
HKCU,Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced,Start_ShowNetPlaces,0x10001,0x00000 001
HKCU,Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced,Start_ShowRun,0x10001,0x00000001
HKCU,Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced,Start_ShowSearch,0x10001,0x00000001
HKCU,Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer,NoDrives,0x10001,0x00000000

[RemoveRestrictions]
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s","DisableRegistryTools"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s","DisableTaskMgr"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s","NoDispCPL"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\Explorer","NoSetFolders"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\Explorer","NoStartMenuMorePrograms"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\Explorer","NoToolbarCustomize"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\Explorer","StartMenuLogoff"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","DisableCMD"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","DisableRegistryTools"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","DisableTaskMgr"
HKCU, "Software\Microsoft\Windows\CurrentVersion\Policie s\System","NoDispCPL"
HKCU, "Software\Policies\Microsoft\Internet Explorer\Restrictions","NoBrowserOptions"
HKCU, "Software\Policies\Microsoft\Windows\system","Disa bleCMD"

the malware and mspaint issue may be a coincidence or just collateral damage

It is running ok in Safe Mode but not in Normal mode. What does this signify ?

something may be loading in normal mode that is creating a conflict