
Hello All, Best In The New Year



#1 norwegian


Posted 01 January 2006 - 02:39 AM

Hello everyone, hope the new year goes well for you all.

I was in BBR when this tool WinPFind was mentioned, so I gave it a try. I have a query on the hosts file list it created: it isn't anything like the MVPS or hpGuru's list, so I was wondering if someone could explain it to me.
Sorry it's long, but here's the log:

aspack 7/12/2005 1:38:52 PM 2714976 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 4/08/2004 12:56:38 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 4/08/2004 12:56:46 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 29/08/2002 8:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 3/08/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS
127.0.0.1 msxml.vpptechnologies.com
127.0.0.1 main.vpptechnologies.com
127.0.0.1 download-dev.abetterinternet.com
127.0.0.1 web-nexus.net
127.0.0.1 www.web-nexus.net
127.0.0.1 media-4.vpptechnologies.com
127.0.0.1 media-1.vpptechnologies.com
127.0.0.1 media-e.vpptechnologies.com
127.0.0.1 media-f.vpptechnologies.com
127.0.0.1 media-5.vpptechnologies.com
127.0.0.1 media-a.vpptechnologies.com
127.0.0.1 media-b.vpptechnologies.com
127.0.0.1 media-c.vpptechnologies.com
127.0.0.1 media-6.vpptechnologies.com
127.0.0.1 media-d.vpptechnologies.com
127.0.0.1 media-0.vpptechnologies.com
127.0.0.1 static.vpptechnologies.com
127.0.0.1 download.abetterinternet.com
127.0.0.1 thinstall.abetterinternet.com
127.0.0.1 static.abetterinternet.com
127.0.0.1 www.abetterinternet.com
127.0.0.1 c.abetterinternet.com
127.0.0.1 s.abetterinternet.com
127.0.0.1 ad-w-a-r-e.com
127.0.0.1 www.ad-w-a-r-e.com
127.0.0.1 abetterinternet.com
127.0.0.1 st.abetterinternet.com
127.0.0.1 download2.abetterinternet.com
127.0.0.1 belt.abetterinternet.com
127.0.0.1 agentq.vpptechnologies.com
127.0.0.1 xml.vpptechnologies.com

PTech 31/12/2005 7:37:22 PM 1251699 C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS.bak
abetterinternet.com 31/12/2005 7:37:22 PM 1251699 C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS.bak
web-nex 31/12/2005 7:37:22 PM 1251699 C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS.bak
ad-w-a-r-e.com 31/12/2005 7:37:22 PM 1251699 C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS.bak


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/01/2006 2:56:16 PM

#2 norwegian


Posted 01 January 2006 - 02:41 AM

My apologies for the wrong place; still looking at where it all fits.

#3 Grinler

    Lawrence Abrams

  • Admin

Posted 02 January 2006 - 07:57 PM

I am a little confused by what you are asking. Where it says this:

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS


It is listing the entries in your current hosts file.

#4 norwegian


Posted 03 January 2006 - 12:21 AM

G'day Grinler, and thanks for looking in.

The reason I asked was because I have HostsMan looking after hpGuru's and MVPS's hosts lists, which goes into a figure far beyond what shows there, thus my asking about why the tool didn't detect the rest of the hosts.

Thank you

norwegian

#5 Grinler


Posted 03 January 2006 - 10:24 AM

Ahhh... I see what you mean. Let me see if I can ask the developer to take a look at this thread. If you look in your hosts file, are your entries being redirected to 127.0.0.1 or some other IP?

#6 norwegian


Posted 03 January 2006 - 10:55 AM

Thanks Grinler. Below is the beginning of the list, so you can well see they are indeed there, in numeric and alphabetical order, so why this tool picked up the particular entries, and NOT in order, is what made me curious. Let me know if there is anything I can do.

# Hosts in use:
# hpHosts (http://www.hosts-file.net/)
# MVPS Hosts (http://www.mvps.org/winhelp2002/hosts.htm)
#
# This MVPS HOSTS file is a free download from: #
# http://www.mvps.org/winhelp2002/ #
# #
# Notes: the browser does not read this "#" symbol #
# You can create your own notes, after the # symbol #
# This *must* be the first line: 127.0.0.1 localhost #
# ********************************************************#
# ------------------Updated: 12-28-05---------------------#
# ********************************************************#
# Entries marked with Parasite or Trojan comments should #
# be placed in the Internet Explorer Restricted Zone. #
# http://mvps.org/winhelp2002/restricted.htm #
# #
# Entries with other comments are searchable via Google. #
# #
# Disclaimer: this file is free to use, however it is NOT #
# permitted to post on any other site without permission. #
# #
# This work is licensed under the Creative Commons #
# Attribution-NonCommercial-ShareAlike License. #
# http://creativecommons.org/licenses/by-nc-sa/2.0/ #
127.0.0.1 localhost
127.0.0.1 0-6e4332-5ox89w3-id53454s-id8ty3-8-u5o3984mjeo4094-g3ret567yr.com
127.0.0.1 0-computer.info
127.0.0.1 007guard.com
127.0.0.1 00inkjets.com
127.0.0.1 00z70az77mnsa-00swj1zzprh.com
127.0.0.1 0123hardcore.com
127.0.0.1 01smith.com
127.0.0.1 0202search.com
127.0.0.1 02kmky1xgzbmsdfx.com
127.0.0.1 02pmnzy5eo29bfk4.com
127.0.0.1 070.us
127.0.0.1 077.us
127.0.0.1 079.us
127.0.0.1 07ic5do2myz3vzpk.com
127.0.0.1 08.185.87.0.liveadvert.com
127.0.0.1 08.185.87.00.liveadvert.com
127.0.0.1 08.185.87.01.liveadvert.com
127.0.0.1 08.185.87.02.liveadvert.com
127.0.0.1 08.185.87.03.liveadvert.com
127.0.0.1 08.185.87.04.liveadvert.com
127.0.0.1 08.185.87.05.liveadvert.com
127.0.0.1 08.185.87.06.liveadvert.com
127.0.0.1 08.185.87.07.liveadvert.com
127.0.0.1 08.185.87.08.liveadvert.com
127.0.0.1 08.185.87.09.liveadvert.com
127.0.0.1 08.185.87.1.liveadvert.com
127.0.0.1 08.185.87.10.liveadvert.com
127.0.0.1 08.185.87.100.liveadvert.com
127.0.0.1 08.185.87.101.liveadvert.com

#7 OldTimer

    Malware Expert

Posted 04 January 2006 - 05:11 PM

Hi norwegian and Grinler. WinPFind only looks for a pre-defined set of strings within any file that it scans. These are the lines that would show up if they are present in the hosts file. It does not attempt to look for or list all of the sites which might be present in some of the other blocking/redirecting hosts files available. That would be the reason why it is not listing everything that shows in the MVPS list or similar. We do not look for everything that is listed there.

Hope that helps.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
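
The fixed-string scan OldTimer describes, sketched as an added example; it is not part of the original posts and is not WinPFind's code. It assumes the labels printed beside HOSTS.bak in the log (PTech, abetterinternet.com, web-nex, ad-w-a-r-e.com) are the search strings and that matching is a case-insensitive substring test. The sample hosts text is constructed, including one entry on a non-loopback address to cover Grinler's question about where entries are redirected.

```python
"""Fixed-string scan of a hosts file (added sketch, not WinPFind's own code)."""
import ipaddress
from collections import namedtuple

# Assumption: the labels the log prints beside HOSTS.bak are the search strings.
SIGNATURES = ("PTech", "abetterinternet.com", "web-nex", "ad-w-a-r-e.com")

# Constructed sample: hostnames taken from the two excerpts in this thread,
# in the sorted order a blocklist manager writes them. The last entry, with a
# non-loopback address, is invented to exercise the redirect check.
SAMPLE_HOSTS = """\
# header comment that happens to mention abetterinternet.com
127.0.0.1 localhost
127.0.0.1 007guard.com
127.0.0.1 abetterinternet.com
127.0.0.1 ad-w-a-r-e.com
127.0.0.1 main.vpptechnologies.com   # inline comment
127.0.0.1 web-nexus.net www.web-nexus.net
10.0.0.5 download.abetterinternet.com
"""

Hit = namedtuple("Hit", "lineno signature address hostname sinkholed")


def parse_hosts(text):
    """Yield (lineno, address, hostnames) for every active hosts entry."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        fields = line.split()
        if len(fields) < 2:                   # blank, comment-only or malformed
            continue
        yield lineno, fields[0], fields[1:]


def is_sinkhole(address):
    """True when the entry points at loopback or 0.0.0.0, i.e. it blocks the name."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def scan(text, signatures=SIGNATURES):
    """Return a Hit for each hostname containing a signature, in file order."""
    hits = []
    for lineno, address, names in parse_hosts(text):
        for name in names:
            lowered = name.lower()
            matched = next((s for s in signatures if s.lower() in lowered), None)
            if matched is not None:
                hits.append(Hit(lineno, matched, address, name, is_sinkhole(address)))
    return hits


def summary(text, signatures=SIGNATURES):
    """Count what the scan lists versus what the hosts file actually holds."""
    total = sum(len(names) for _, _, names in parse_hosts(text))
    hits = scan(text, signatures)
    return {
        "entries": total,
        "listed": len(hits),
        "not_listed": total - len(hits),
        # A signature hit that resolves somewhere real deserves a second look.
        "not_sinkholed": [h.hostname for h in hits if not h.sinkholed],
    }


if __name__ == "__main__":
    for hit in scan(SAMPLE_HOSTS):
        print(hit.signature, hit.address, hit.hostname, sep="\t")
    print(summary(SAMPLE_HOSTS))
```

Under these assumptions the scan reports only the lines that contain one of the four strings, so a large blocklist shows up as a short list; "PTech" matches inside "vpptechnologies", which would account for those entries in the log.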


#8 Grinler


Posted 04 January 2006 - 05:18 PM

Ahh..good to know :thumbsup: Thought it listed the entire hosts file.

#9 norwegian


Posted 05 January 2006 - 05:21 PM

Thanks Grinler and OldTimer for spending the time to explain this to me.
I can understand that it doesn't scan the hosts file,
so there is nothing there to worry about then with what it is showing.
I can relax and go back to normal browsing.

Thanks

norwegian

#10 Grinler


Posted 06 January 2006 - 11:31 AM

Yes you can :thumbsup:

#11 norwegian


Posted 07 January 2006 - 06:36 AM

Thank you Grinler and OldTimer. Understanding some of the tools out there to help us is a hard task at times; thanks for spending the time to help me.

Greatly appreciated.

norwegian



