PDA

View Full Version : System Internals Question



tsSecure
2006-05-14, 03:50
I ran system internals scan and it found these: What should I do?

Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe
Filename: C:\DOCUME~1\David\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\hijackthis.exe
Data:

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis
Filename: C:\DOCUME~1\David\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe /uninstall
Data:

Category: Startup file does not exist
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ISS_SIP
Filename: C:\Program Files\Anti Keylogger Elite\AKE.exe
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\InterVideo\Common\Bin\IVIPromotion.exe
Filename: C:\Program Files\InterVideo\Common\Bin\IVIPromotion.exe
Data:

Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe
Filename: C:\Program Files\PC-Doctor for Windows\yourapp.Exe
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\asinst.dll
Filename: C:\WINDOWS\Downloaded Program Files\asinst.dll
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\CONFLICT.1\hrtbeat.ocx
Filename: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\hrtbeat.ocx
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\CONFLICT.1\zsetup.exe
Filename: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\zsetup.exe
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll
Filename: C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\FlashNet.dll
Filename: C:\WINDOWS\Downloaded Program Files\FlashNet.dll
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
Filename: C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\hrtbeat.ocx
Filename: C:\WINDOWS\Downloaded Program Files\hrtbeat.ocx
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\mainstrings.txt
Filename: C:\WINDOWS\Downloaded Program Files\mainstrings.txt
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\pestscan.ini
Filename: C:\WINDOWS\Downloaded Program Files\pestscan.ini
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\pestscanx.ocx
Filename: C:\WINDOWS\Downloaded Program Files\pestscanx.ocx
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\ppctl.dll
Filename: C:\WINDOWS\Downloaded Program Files\ppctl.dll
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\SymAData.dll
Filename: C:\WINDOWS\Downloaded Program Files\SymAData.dll
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\tgctlsr.dll
Filename: C:\WINDOWS\Downloaded Program Files\tgctlsr.dll
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\wlscBase.dll
Filename: C:\WINDOWS\Downloaded Program Files\wlscBase.dll
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\xscan60.ocx
Filename: C:\WINDOWS\Downloaded Program Files\xscan60.ocx
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\yacscom.dll
Filename: C:\WINDOWS\Downloaded Program Files\yacscom.dll
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\yacsui.dll
Filename: C:\WINDOWS\Downloaded Program Files\yacsui.dll
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\zsetup.exe
Filename: C:\WINDOWS\Downloaded Program Files\zsetup.exe
Data:

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Game Maker 6.0
Filename: C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\Game_Maker6\UnInst.log" "/APPNAME=Game Maker 6.0"
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.tlb
Filename: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.tlb
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.tlb
Filename: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.tlb
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb
Filename: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb
Filename: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.tlb
Filename: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.tlb
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb
Filename: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.tlb
Filename: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.tlb
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.tlb
Filename: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.tlb
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.tlb
Filename: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.tlb
Data:

Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\ORUN32.EXE
Filename: C:\WINDOWS\ORUN32.EXE
Data:

Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe
Filename: C:\WINDOWS\system32\cmmgr32.exe
Data:

Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\system32\DIMM.DLL
Filename: C:\WINDOWS\system32\DIMM.DLL
Data:

Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\install.exe
Filename: install.exe
Data:

Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\MsoHtmEd.exe
Filename: MsoHtmEd.exe
Data:

Category: Missing helpfile
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help\scanpst.hlp
Filename: scanpst.hlp
Data:

Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe
Filename: setup.exe
Data:

Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\table30.exe
Filename: table30.exe
Data:

Category: Missing helpfile
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\HTML Help\VisBuildPro.chm
Filename: VisBuildPro.chm
Data:

Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\winnt32.exe
Filename: winnt32.exe
Data:

Zenobia
2006-05-14, 11:44
When you are in the System Internals section of Spybot,if you click on help,it will display help for System Internals.Towards the bottom,there's a warning:


Warning: Please be aware that changes to these items can corrupt your system! If you are not sure whether a setting is really a problem, YouŽd better leave it alone!
This warning especially applies if you use Microsoft Office™. This software suite has some registry entries pointing to wrong directories and some even pointing to non-existent help files. I've changed the first, but I wouldn't delete the other one, because they may well point to files that will be installed on that "Install on first use" basis.

So,if you're unsure if any of the items are problems,I think your best bet is to leave them alone.
I do scan for System Internals myself sometimes,but if I'm unsure,I hit ignore.

Here is what it says in Spybot's Help about System Internals:


The windows registry contains lots of information. It's consistency can be checked with good commercial programs like Symantec™ System Works. But there are some small things I miss with those programs. Here's what SpyBot-S&D searches for:

Missing help files – the registry contains information about the location of some help files. If this information points to incorrect directories, Spybot-S&D will inform you about and allow to fix.


Missing shared DLLs – the registry contains a list of dynamic link libraries, where they are located and how many programs use them. SpyBot-S&D checks if all locations are correct and allows to change them if not.


Application paths – some applications (mostly those registered to a file extension) are registered in the registry. If they are pointing to a program file no longer existing, Spybot-S&D can change their path or delete their entry.


Wrong Uninstall information – every program that has it's own uninstall routine stores some information about it in the registry. If this information is incorrect, Spybot-S&D will tell You about. For example, the uninstall program may have been located inside a temp directory (there are lots of programs that stupid!).


Broken Desktop Links – if one of the links on your desktop links to a file that no longer exists, Spybot-S&D will tell you and allow you to either point the link to another file or delete it.

Warning: Please be aware that changes to these items can corrupt your system! If you are not sure whether a setting is really a problem, YouŽd better leave it alone!
This warning especially applies if you use Microsoft Office™. This software suite has some registry entries pointing to wrong directories and some even pointing to non-existent help files. I've changed the first, but I wouldn't delete the other one, because they may well point to files that will be installed on that "Install on first use" basis.

tsSecure
2006-05-15, 22:17
Thank you for your help

Zenobia
2006-05-16, 03:49
You're welcome. :)
I see some things in your system internals scan that normally are put into the System Internals ignore list in Spybot.Did you remove those things from the Ignore System Internals section of Spybot?
These are what appear in the ignore list,I believe:
%JavaDir%\QTJava.zip
install.exe
MsoHtmEd.exe
winnt32.exe

I see these three were found by your System Internals scan:
install.exe
MsoHtmEd.exe
winnt32.exe

tsSecure
2006-05-22, 22:56
are there any i should definetly remove?

Zenobia
2006-05-23, 05:35
With System Internals,I usually check things out a little more.So,it's hard to look at what was found in someone else's System Internals scan,and just tell you to delete,ignore,or change the path to anything found.I would not want to accidently screw anything up on your computer.I only like to mess up my own. :D