ok cheers, heres the results:
F-Secure Online Scanner Results:
Finished: No viruses found
Scanned files: 80408
Hijack this results:
Logfile of HijackThis v1.99.1
Scan saved at 11:00:57 a.m., on 30/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.xtra.co.nz/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.xtra.co.nz/O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\nvhlytn.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -
http://www.musicnote...ad/mnviewer.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.r...ip/RdxIE601.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.micros...b?1127018120013O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) -
http://support.f-sec...m/ols/fscax.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
WinFind Log:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Items found in C:\WINDOWS\hosts
Checking %System% folder...
PEC2 5/08/2004 1:00:00 a.m. 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 29/08/2005 2:27:12 p.m. 520968 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 5/10/2005 3:09:08 p.m. 2293088 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 5/10/2005 3:09:08 p.m. 2293088 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 5/08/2004 1:00:00 a.m. 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 5/08/2004 1:00:00 a.m. 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 5/08/2004 1:00:00 a.m. 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
Checking %System%\Drivers folder and sub-folders...
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
30/10/2005 10:05:54 a.m. S 2048 C:\WINDOWS\bootstat.dat
28/10/2005 6:32:38 p.m. H 54156 C:\WINDOWS\QTFont.qfn
18/09/2005 4:20:56 p.m. RH 749 C:\WINDOWS\WindowsShell.Manifest
18/09/2005 4:21:04 p.m. H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
20/10/2005 3:08:32 p.m. H 59556 C:\WINDOWS\Downloaded Program Files\Doremi.ttf
18/09/2005 4:21:38 p.m. HS 67 C:\WINDOWS\Fonts\desktop.ini
1/10/2005 10:18:58 a.m. HS 200192 C:\WINDOWS\Help\Tours\htmlTour\Thumbs.db
18/09/2005 5:39:16 p.m. H 0 C:\WINDOWS\inf\oem12.inf
18/09/2005 4:21:04 p.m. H 65 C:\WINDOWS\Offline Web Pages\desktop.ini
18/09/2005 4:22:22 p.m. H 442368 C:\WINDOWS\repair\ntuser.dat
18/09/2005 4:20:56 p.m. RH 749 C:\WINDOWS\system32\cdplayer.exe.manifest
18/09/2005 4:21:04 p.m. RH 488 C:\WINDOWS\system32\logonui.exe.manifest
18/09/2005 4:20:56 p.m. RH 749 C:\WINDOWS\system32\ncpa.cpl.manifest
18/09/2005 4:20:56 p.m. RH 749 C:\WINDOWS\system32\nwc.cpl.manifest
18/09/2005 4:20:56 p.m. RH 749 C:\WINDOWS\system32\sapi.cpl.manifest
18/09/2005 4:21:04 p.m. RH 488 C:\WINDOWS\system32\WindowsLogon.manifest
18/09/2005 4:20:56 p.m. RH 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest
5/10/2005 2:17:40 p.m. S 21737 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
28/09/2005 11:53:30 a.m. S 17402 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
9/09/2005 7:15:08 p.m. S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901017.cat
30/10/2005 10:05:46 a.m. H 8192 C:\WINDOWS\system32\config\default.LOG
19/09/2005 4:08:04 a.m. H 0 C:\WINDOWS\system32\config\default.tmp.LOG
30/10/2005 10:06:06 a.m. H 1024 C:\WINDOWS\system32\config\SAM.LOG
30/10/2005 10:05:56 a.m. H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
30/10/2005 10:06:02 a.m. H 57344 C:\WINDOWS\system32\config\software.LOG
19/09/2005 4:08:02 a.m. H 0 C:\WINDOWS\system32\config\software.tmp.LOG
30/10/2005 10:05:54 a.m. H 856064 C:\WINDOWS\system32\config\system.LOG
19/09/2005 4:07:30 a.m. H 0 C:\WINDOWS\system32\config\system.tmp.LOG
19/09/2005 4:07:24 a.m. H 1024 C:\WINDOWS\system32\config\TempKey.LOG
19/09/2005 4:08:04 a.m. H 1024 C:\WINDOWS\system32\config\userdiff.LOG
18/09/2005 4:22:22 p.m. H 1024 C:\WINDOWS\system32\config\userdifr.LOG
16/10/2005 7:23:34 p.m. H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
25/09/2005 6:49:26 p.m. S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
25/09/2005 6:49:26 p.m. S 144 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
18/09/2005 5:58:48 p.m. HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\4f07b594-fafc-40ac-9fca-cd7bc73a030f
18/09/2005 5:58:48 p.m. HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
22/10/2005 12:34:06 p.m. HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\e58b6752-03d0-4ac5-a2b0-eac40ab9326f
22/10/2005 12:34:06 p.m. HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
30/10/2005 10:04:58 a.m. H 6 C:\WINDOWS\Tasks\SA.DAT
29/10/2005 2:50:28 p.m. H 0 C:\WINDOWS\Temp\TempFolder.aaa\Macromedia.lok
Checking for CPL files...
Microsoft Corporation 5/08/2004 1:00:00 a.m. 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 19/08/2003 5:23:34 p.m. 61547 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 18/12/2001 9:04:20 p.m. 287232 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 5:16:30 a.m. 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 5/08/2004 1:00:00 a.m. 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 26/05/2005 5:16:30 a.m. 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
25/10/2005 1:12:36 p.m. 899 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
18/09/2005 4:22:18 p.m. HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
2/11/2003 1:10:38 p.m. 779 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
2/11/2003 1:08:26 p.m. 779 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
18/09/2005 4:10:08 p.m. HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
2/11/2003 1:10:32 p.m. 209 C:\Documents and Settings\All Users\Application Data\hpzinstall.log
Checking files in %USERPROFILE%\Startup folder...
28/10/2003 4:44:02 p.m. HS 84 C:\Documents and Settings\Holden Family\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
29/10/2003 5:25:48 a.m. HS 62 C:\Documents and Settings\Holden Family\Application Data\desktop.ini
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\NOD32 Context Menu Shell Extension
{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Program Files\Eset\nodshex.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
=
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\NOD32 Context Menu Shell Extension
{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Program Files\Eset\nodshex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
=
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
=
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} = :
{3678AAD9-7FB5-D9FE-719F-E880904DFB2E} = Lite Memo Internet : C:\PROGRA~1\bashfree\ViewFour.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{337F1C10-7835-4E45-8D42-27B44AC8A5D1} = SuperBar : C:\Program Files\_SUPERBAR\_SUPERBAR.dll
{014DA6C9-189F-421A-88CD-07CFE51CFF10} = :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MULTIMEDIA KEYBOARD C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
nod32kui "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Microsoft Works Update Detection C:\Program Files\Microsoft Works\WkDetect.exe
JavaUpdate0.07 C:\WINDOWS\System32\nvhlytn.exe
SpybotSD TeaTimer C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 30/10/2005 10:11:57 a.m.
Also there is now this file on my desktop called fix.regecho
can i delete or move this from my desktop?
and i have no idea what that viewfour.dll file is!
cheers
Edited by shol087, 29 October 2005 - 04:09 PM.