View Full Version : Recycle Bin Lost



aredev
2007-08-05, 09:53
Hello Everybody,

As suggested by you all, I have begun a new post on the above topic in this forum.

Here is the log generated by the HJT ver. 2.0.2:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:44, on 05/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
D:\SYSTEM~2\AVGAV7~1.5FR\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\SYSTEM MAINTENANCE TOOLS\ANTI-SPYWARE\Ad-Aware 2007\aawservice.exe
D:\GOOGLE\Gmail Notifier\gnotify.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\Plaxo\2.13.0.12\PlaxoHelper.exe
D:\SYSTEM MAINTENANCE TOOLS\AVG Anti-Spyware 7.5\guard.exe
D:\SYSTEM MAINTENANCE TOOLS\ANTI-SPYWARE\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\SYSTEM~2\AVGAV7~1.5FR\avgamsvr.exe
D:\SYSTEM~2\AVGAV7~1.5FR\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
D:\MICROS~1\Office10\OUTLOOK.EXE
D:\MICROSOFT OFFICE XP\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
D:\MICROSOFT OFFICE XP\Office10\EXCEL.EXE
D:\TALLY\tally72.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\QUICK TIME\iTUNES\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\SYSTEM~2\AVGAV7~1.5FR\avgw.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\SYSTEM MAITENANCE TOOLS\Hijack This v2.0.2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/a/harmonylifecare.com/ServiceLogin?service=ig&passive=true&continue=http://partnerpage.google.com/harmonylifecare.com&followup=http://partnerpage.google.com/harmonylifecare.com&cd=US&hl=en&nui=1&ltmpl=default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/a/harmonylifecare.com/ServiceLogin?service=ig&passive=true&continue=http://partnerpage.google.com/harmonylifecare.com&followup=http://partnerpage.google.com/harmonylifecare.com&cd=US&hl=en&nui=1&ltmpl=default
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SYSTEM~2\ANTI-S~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - C:\WINDOWS\AUTOLO~1\AL2DLL.dll (disabled by BHODemon)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\SYSTEM~2\AVGAV7~1.5FR\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\GOOGLE\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\QUICK TIME\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\QUICK TIME\iTUNES\iTunesHelper.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.13.0.12\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\SYSTEM MAINTENANCE TOOLS\ANTI-SPYWARE\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\SYSTEM~2\AVGAV7~1.5FR\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1757981266-616249376-1177238915-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1757981266-616249376-1177238915-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\MICROSOFT OFFICE XP\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &ieSpell Options - res://D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://D:\MISC. APPLICATIONS\IE Spell Checker\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://D:\MISC. APPLICATIONS\IE Spell Checker\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.airtelworld.com
O15 - Trusted Zone: http://www.akhilsystems.com
O15 - Trusted Zone: www.audible.co.uk
O15 - Trusted Zone: http://www.clearvoicesurveys.com
O15 - Trusted Zone: www.ebay.in
O15 - Trusted Zone: www.google.co.in
O15 - Trusted Zone: http://www.grisoft.com
O15 - Trusted Zone: http://forum.grisoft.cz
O15 - Trusted Zone: http://epaper.hindustantimes.com
O15 - Trusted Zone: http://www.irctc.co.in
O15 - Trusted Zone: www.jaxtr.com
O15 - Trusted Zone: www.makemytrip.com
O15 - Trusted Zone: http://www.cppri.org.in
O15 - Trusted Zone: http://www.rbi.org.in
O15 - Trusted Zone: http://www.sgiquarterly.org
O15 - Trusted Zone: http://www.signdomains.com
O15 - Trusted Zone: http://www.silvaindiakolkata.com
O15 - Trusted Zone: http://www.silvamethod.com
O15 - Trusted Zone: http://www.silvamethodindia.com
O15 - Trusted Zone: http://india.takingitglobal.org
O15 - Trusted Zone: http://epaper.timesofindia.com
O15 - Trusted Zone: http://www.trainenquiry.com
O15 - Trusted Zone: http://*.trivitron.com
O15 - Trusted Zone: http://www.uastdc.com
O15 - Trusted IP range: http://10.240.96.195
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_06) -
O16 - DPF: {FDD6CEF8-3C6E-42E0-BC7B-D730085CFABC} (Jaxtr Outlook Importer) - http://www.jaxtr.com/user/activex/JaxtrOutlookImporter.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{7867E40A-F5C4-4AA0-AA72-3EDE54F341A0}: NameServer = 218.248.240.79 218.248.240.135
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\SYSTEM MAINTENANCE TOOLS\ANTI-SPYWARE\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\SYSTEM MAINTENANCE TOOLS\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\SYSTEM~2\AVGAV7~1.5FR\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\SYSTEM~2\AVGAV7~1.5FR\avgupsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 11965 bytes

Please tell me what I am supposed to do now to restore my recycle bin & run command in start panel. :)

Have a great day. :bigthumb:

Rahul Dev

Shaba
2007-08-05, 12:34
Hi aredev

Good that you posted a log so we could see exactly what happened :)

Open HijackThis, click do a system scan only and checkmark this:

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Close all windows including browser and press fix checked.

Reboot.

Download and run this (http://www.kellys-korner-xp.com/regs_edits/restorerecyclebin.reg) and this (http://www.kellys-korner-xp.com/regs_edits/norun.reg)
(save those on the desktop, double-click each, and answer yes when asked to merge to the registry)

Post back a fresh HijackThis log and tell me if recycle bin & run command are ok now?

aredev
2007-08-06, 07:35
Hi Shaba! :bigthumb:

Thanks a million ton. As suggested, I took all steps, rebooted my system for the last time and both recycle bin (with all deleted stuff in it) & run command were restored. :crowned:

As you asked to post fresh log, it goes as follows:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:54:41, on 06/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
D:\SYSTEM~2\AVGAV7~1.5FR\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\SYSTEM MAINTENANCE TOOLS\ANTI-SPYWARE\Ad-Aware 2007\aawservice.exe
D:\GOOGLE\Gmail Notifier\gnotify.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\QUICK TIME\iTUNES\iTunesHelper.exe
C:\WINDOWS\Plaxo\2.13.0.12\PlaxoHelper.exe
D:\SYSTEM MAINTENANCE TOOLS\AVG Anti-Spyware 7.5\guard.exe
D:\SYSTEM MAINTENANCE TOOLS\ANTI-SPYWARE\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\SYSTEM~2\AVGAV7~1.5FR\avgamsvr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\SYSTEM~2\AVGAV7~1.5FR\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
E:\SYSTEM MAITENANCE TOOLS\Hijack This v2.0.2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/a/harmonylifecare.com/ServiceLogin?service=ig&passive=true&continue=http://partnerpage.google.com/harmonylifecare.com&followup=http://partnerpage.google.com/harmonylifecare.com&cd=US&hl=en&nui=1&ltmpl=default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/a/harmonylifecare.com/ServiceLogin?service=ig&passive=true&continue=http://partnerpage.google.com/harmonylifecare.com&followup=http://partnerpage.google.com/harmonylifecare.com&cd=US&hl=en&nui=1&ltmpl=default
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SYSTEM~2\ANTI-S~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - C:\WINDOWS\AUTOLO~1\AL2DLL.dll (disabled by BHODemon)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\SYSTEM~2\AVGAV7~1.5FR\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\GOOGLE\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\QUICK TIME\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\QUICK TIME\iTUNES\iTunesHelper.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.13.0.12\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\SYSTEM MAINTENANCE TOOLS\ANTI-SPYWARE\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\SYSTEM~2\AVGAV7~1.5FR\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\MICROSOFT OFFICE XP\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://D:\MISC. APPLICATIONS\IE Spell Checker\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://D:\MISC. APPLICATIONS\IE Spell Checker\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.airtelworld.com
O15 - Trusted Zone: http://www.akhilsystems.com
O15 - Trusted Zone: www.audible.co.uk
O15 - Trusted Zone: http://www.clearvoicesurveys.com
O15 - Trusted Zone: www.ebay.in
O15 - Trusted Zone: www.google.co.in
O15 - Trusted Zone: http://www.grisoft.com
O15 - Trusted Zone: http://forum.grisoft.cz
O15 - Trusted Zone: http://epaper.hindustantimes.com
O15 - Trusted Zone: http://www.irctc.co.in
O15 - Trusted Zone: www.jaxtr.com
O15 - Trusted Zone: www.makemytrip.com
O15 - Trusted Zone: http://www.cppri.org.in
O15 - Trusted Zone: http://www.rbi.org.in
O15 - Trusted Zone: http://www.sgiquarterly.org
O15 - Trusted Zone: http://www.signdomains.com
O15 - Trusted Zone: http://www.silvaindiakolkata.com
O15 - Trusted Zone: http://www.silvamethod.com
O15 - Trusted Zone: http://www.silvamethodindia.com
O15 - Trusted Zone: http://india.takingitglobal.org
O15 - Trusted Zone: http://epaper.timesofindia.com
O15 - Trusted Zone: http://www.trainenquiry.com
O15 - Trusted Zone: http://*.trivitron.com
O15 - Trusted Zone: http://www.uastdc.com
O15 - Trusted IP range: http://10.240.96.195
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_06) -
O16 - DPF: {FDD6CEF8-3C6E-42E0-BC7B-D730085CFABC} (Jaxtr Outlook Importer) - http://www.jaxtr.com/user/activex/JaxtrOutlookImporter.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{7867E40A-F5C4-4AA0-AA72-3EDE54F341A0}: NameServer = 218.248.240.79 218.248.240.135
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\SYSTEM MAINTENANCE TOOLS\ANTI-SPYWARE\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\SYSTEM MAINTENANCE TOOLS\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\SYSTEM~2\AVGAV7~1.5FR\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\SYSTEM~2\AVGAV7~1.5FR\avgupsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 11197 bytes


Once again thanks. :D: It is great to start a day afresh.

Three Cheers! :flowers: :flowers: :flowers:

Rahul Dev
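
Added example, not part of the original thread: a small parser that compares a "before" and an "after" HijackThis log entry by entry, to confirm that the fixed O7 item is gone and to see what else changed between scans. The two sample logs are short excerpts constructed from the logs posted above (one path's letter case is altered on purpose to exercise case-insensitive matching); the function names are hypothetical.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Sections that report policy restrictions rather than installed software.
POLICY_SECTIONS = {
    "O6": "IE options access restricted by policy",
    "O7": "Regedit access restricted by policy",
}

# Constructed excerpt of the first log in this thread (05/08/2007).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:44, on 05/08/2007
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\QUICK TIME\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.13.0.12\PlaxoHelper.exe -a
O4 - HKUS\S-1-5-21-1757981266-616249376-1177238915-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O15 - Trusted Zone: www.ebay.in
"""

# Constructed excerpt of the second log (06/08/2007), taken after the fix.
# The QuickTime path is lower-cased here on purpose (constructed variation).
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:54:41, on 06/08/2007
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\QUICK TIME\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.13.0.12\PlaxoHelper.exe -a
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - Trusted Zone: www.ebay.in
"""


def parse_entries(log_text):
    """Return [(section, body)] for entry lines; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive, so compare folded.
    section, body = entry
    return (section, body.casefold())


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lists, each in the order they appear in its log."""
    before = {_key(e): e for e in parse_entries(before_text)}
    after = {_key(e): e for e in parse_entries(after_text)}
    removed = [before[k] for k in before if k not in after]
    added = [after[k] for k in after if k not in before]
    return removed, added


def policy_flags(log_text):
    """Return (section, meaning, body) for entries that report a policy restriction."""
    return [
        (section, POLICY_SECTIONS[section], body)
        for section, body in parse_entries(log_text)
        if section in POLICY_SECTIONS
    ]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, body in removed:
        print("removed:", section, "-", body)
    for section, body in added:
        print("added:  ", section, "-", body)
    for section, meaning, body in policy_flags(AFTER):
        print("still restricted:", section, meaning, "->", body)
```

Entries that appear under `added` between two scans of the same machine are the ones worth reviewing first; an O6 or O7 entry that remains after a fix means the policy value is still set.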

Shaba
2007-08-06, 11:58
Hi

Nice news :)

However, let's check if there is any malware lurking:

Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky; click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:

o Scan using the following Anti-Virus database:

+ Extended (If available otherwise Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report

aredev
2007-08-08, 16:08
Hi Shaba!

Thanks. It was certainly a wise & sincere advice you gave me. Though I am using AVG Free AV (updating daily), Kaspersky detected viruses in a few places. I am enclosing the report of Kaspersky in two parts. (It was taking extra long to scan My Computer in one shot & twice it was abruptly aborted. Therefore, I scanned in two parts.) As you will observe, in part one, i.e., drives C & D are clean. However, in part 2, both drives, E & F, are infected. On my part, I have deleted the "Fax Talk Communicator" folder permanently as I have no use for it & also I have a backup on CD. About the rest, I am not sure how to go about it. So please advise.

Below is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:33, on 08/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
D:\SYSTEM MAINTENANCE TOOLS\ANTI-SPYWARE\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\SYSTEM MAINTENANCE TOOLS\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
D:\SYSTEM~2\AVGAV7~1.5FR\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\SYSTEM~2\AVGAV7~1.5FR\avgamsvr.exe
D:\GOOGLE\Gmail Notifier\gnotify.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\SYSTEM~2\AVGAV7~1.5FR\avgupsvc.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\cisvc.exe
D:\QUICK TIME\iTUNES\iTunesHelper.exe
C:\WINDOWS\Plaxo\2.13.0.12\PlaxoHelper.exe
D:\SYSTEM MAINTENANCE TOOLS\ANTI-SPYWARE\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\MICROS~1\Office10\OUTLOOK.EXE
D:\MICROSOFT OFFICE XP\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
D:\MICROSOFT OFFICE XP\Office10\EXCEL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SM1MT2.EXE
D:\SYSTEM~2\AVGAV7~1.5FR\avgw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
D:\SYSTEM MAINTENANCE TOOLS\Hijack This v2.0.2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/a/harmonylifecare.com/ServiceLogin?service=ig&passive=true&continue=http://partnerpage.google.com/harmonylifecare.com&followup=http://partnerpage.google.com/harmonylifecare.com&cd=US&hl=en&nui=1&ltmpl=default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/a/harmonylifecare.com/ServiceLogin?service=ig&passive=true&continue=http://partnerpage.google.com/harmonylifecare.com&followup=http://partnerpage.google.com/harmonylifecare.com&cd=US&hl=en&nui=1&ltmpl=default
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SYSTEM~2\ANTI-S~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - C:\WINDOWS\AUTOLO~1\AL2DLL.dll (disabled by BHODemon)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\SYSTEM~2\AVGAV7~1.5FR\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\GOOGLE\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\QUICK TIME\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\QUICK TIME\iTUNES\iTunesHelper.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.13.0.12\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\SYSTEM MAINTENANCE TOOLS\ANTI-SPYWARE\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\SYSTEM~2\AVGAV7~1.5FR\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\MICROSOFT OFFICE XP\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://D:\MISC. APPLICATIONS\IE Spell Checker\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://D:\MISC. APPLICATIONS\IE Spell Checker\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.airtelworld.com
O15 - Trusted Zone: http://www.akhilsystems.com
O15 - Trusted Zone: www.audible.co.uk (http://www.audible.co.uk)
O15 - Trusted Zone: http://www.clearvoicesurveys.com
O15 - Trusted Zone: www.ebay.in (http://www.ebay.in)
O15 - Trusted Zone: www.google.co.in (http://www.google.co.in)
O15 - Trusted Zone: http://www.grisoft.com
O15 - Trusted Zone: http://forum.grisoft.cz
O15 - Trusted Zone: http://epaper.hindustantimes.com
O15 - Trusted Zone: http://www.irctc.co.in
O15 - Trusted Zone: www.jaxtr.com (http://www.jaxtr.com)
O15 - Trusted Zone: www.makemytrip.com (http://www.makemytrip.com)
O15 - Trusted Zone: http://www.cppri.org.in
O15 - Trusted Zone: http://www.rbi.org.in
O15 - Trusted Zone: http://www.sgiquarterly.org
O15 - Trusted Zone: http://www.signdomains.com
O15 - Trusted Zone: http://www.silvaindiakolkata.com
O15 - Trusted Zone: http://www.silvamethod.com
O15 - Trusted Zone: http://www.silvamethodindia.com
O15 - Trusted Zone: http://india.takingitglobal.org
O15 - Trusted Zone: http://epaper.timesofindia.com
O15 - Trusted Zone: http://www.trainenquiry.com
O15 - Trusted Zone: http://*.trivitron.com
O15 - Trusted Zone: http://www.uastdc.com
O15 - Trusted IP range: http://10.240.96.195
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_06) -
O16 - DPF: {FDD6CEF8-3C6E-42E0-BC7B-D730085CFABC} (Jaxtr Outlook Importer) - http://www.jaxtr.com/user/activex/JaxtrOutlookImporter.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{7867E40A-F5C4-4AA0-AA72-3EDE54F341A0}: NameServer = 218.248.240.79 218.248.240.135
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\SYSTEM MAINTENANCE TOOLS\ANTI-SPYWARE\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\SYSTEM MAINTENANCE TOOLS\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\SYSTEM~2\AVGAV7~1.5FR\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\SYSTEM~2\AVGAV7~1.5FR\avgupsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 11713 bytes


Looking forward to hearing from you.

Have a nice day! :)

Rahul Dev

PS: Sorry for the attachments. I am not allowed to post more than a particular size.
:oops:
PPS: Sorry once again. Even the txt files were bigger than the allowed size. So, I had to zip them in one folder.

Shaba
2007-08-08, 16:24
Hi

Delete these (unless those have some very important stuff):

F:\BUSINESS\ADMINISTRATION\DOCUMENTS AND SETTINGS\OUTLOOK DATA\outlook.zip
F:\BUSINESS\ADMINISTRATION\MISC\Mail\Inbox

Empty Recycle Bin

Other problems?

aredev
2007-08-08, 18:30
Hi!

Thanks. I have deleted these files. I have sufficient backup available. Do you see any other trouble in the reports that I sent you? If not, then I think the problem is resolved 100%. What do you say? :angel:

Thanks a ton once again.

Rahul Dev

Shaba
2007-08-08, 19:30
Hi

I don't see any other issues.

Do you have any problems left?

Shaba
2007-08-15, 17:32
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.