JAVA errors and other problems ! Help !
I have been having some problems with Java and also with a program called TAS Books 2 (accounting software) from Sage. I get a run-time error for TAS Books 2 - I have deleted and reinstalled TAS Books 2 but still have the same run-time error. I also have problems with Java when used on some websites - if entering information into Java, i.e. for online banking, it will not let me.
Also I cannot run Kaspersky Online Scanner, Trend Micro or Panda ActiveScan; I get errors with them also! I could not download Java after deleting it but then downloaded it okay from Firefox.
I have been able to run BitDefender, runkey.txt, a2scan.txt. HijackThis log - below also.
I have attached the HijackThis log from the other day.
I have tried everything.
Help would be greatly appreciated as I cannot conduct my online banking or use my accountancy software.
Sample of some errors:
Invalid patch file:’C:\PROGRA~\Java16~2.0_0\patch-1.6.0_0_02-b06.rtp
Java (tm) Update fails to apply changes to your system
Error 1722. there is a problem with this Windows installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.
The intallation of package http:java.sun.com/update/1.6.0/jre-6u2-windows-j586-jc-epi failed with -203.
My HijackThis log is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:56 PM, on 7/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\WINDOWS\RTHDCPL.EXE
D:\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
D:\Nokia PC Suite 6\PcSync2.exe
D:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\eFax Messenger 4.1\J2GTray.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] D:\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = D:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/act...a/nprdtinf.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Matrox Centering Service - Unknown owner - c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk.Services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 8937 bytes
bdscanner:
BitDefender Online Scanner - Scan Report

Scan report generated at: Sat, Jul 28, 2007 - 01:09:48
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics
Time: 01:06:50
Files: 317536
Folders: 8988
Boot Sectors: 4
Archives: 14131
Packed Files: 21481

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info
Virus Definitions: 641271
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File - Status
C:\WINDOWS\system32\ActiveScan\pskahk.dll - Infected with: Generic.Malware.SIMDWYNVdprn.D9407F4E
C:\WINDOWS\system32\ActiveScan\pskahk.dll - Disinfection failed
C:\WINDOWS\system32\ActiveScan\pskahk.dll - Deleted
newfiles.txt:
JAVA Jul 28 2007 "Java"
1 item found: 0 files, 1 directory.
************************************************** ****************************
Locating all files created in C:\Program Files\Common Files\Microsoft Shared\Web Folders within the last 120 days.
No matches found.
************************************************** ****************************
Locating all files created in C:\ within the last 90 days.
"C:\"
boot.ini Jul 27 2007 211 "boot.ini"
clubsh~1.tb2 Jul 7 2007 1316804 "Clubshop.ie.TB2"
DIAL-A~1.24 Jul 26 2007 "Dial-a-fix-v0.60.0.24"
dial-a~1.zip Jul 26 2007 335992 "Dial-a-fix-v0.60.0.24.zip"
MATROX Jul 26 2007 "Matrox"
MGAFOLD Jun 6 2007 "mgafold"
newfiles.txt Jul 28 2007 12455 "newfiles.txt"
outloo~1.pst Jul 27 2007 271360 "Outlook backup.pst"
pagefile.sys Jul 28 2007 2145386496 "pagefile.sys"
runkeys.txt Jul 28 2007 26672 "runkeys.txt"
scripten.exe Jul 26 2007 693800 "scripten.exe"
sq13b0~1.sqm Jul 25 2007 244 "sqmnoopt12.sqm"
sq13b4~1.sqm Jul 25 2007 244 "sqmnoopt13.sqm"
sq13b8~1.sqm Jul 23 2007 244 "sqmnoopt10.sqm"
sq13bc~1.sqm Jul 25 2007 244 "sqmnoopt11.sqm"
sq23b0~1.sqm Jul 26 2007 244 "sqmnoopt16.sqm"
sq23b4~1.sqm Jul 26 2007 244 "sqmnoopt17.sqm"
sq23b8~1.sqm Jul 25 2007 244 "sqmnoopt14.sqm"
sq23bc~1.sqm Jul 25 2007 244 "sqmnoopt15.sqm"
sq2fa0~1.sqm Jul 27 2007 244 "sqmnoopt06.sqm"
sq2fa4~1.sqm Jul 27 2007 244 "sqmnoopt07.sqm"
sq2fa8~1.sqm Jul 27 2007 244 "sqmnoopt04.sqm"
sq2fac~1.sqm Jul 27 2007 244 "sqmnoopt05.sqm"
sq33b8~1.sqm Jul 26 2007 244 "sqmnoopt18.sqm"
sq33bc~1.sqm Jul 26 2007 244 "sqmnoopt19.sqm"
sq3fa8~1.sqm Jul 27 2007 244 "sqmnoopt08.sqm"
sq3fac~1.sqm Jul 28 2007 244 "sqmnoopt09.sqm"
sqa368~1.sqm Jul 23 2007 268 "sqmdata10.sqm"
sqa378~1.sqm Jul 25 2007 268 "sqmdata14.sqm"
sqa37a~1.sqm Jul 27 2007 268 "sqmdata04.sqm"
sqa388~1.sqm Jul 26 2007 268 "sqmdata18.sqm"
sqa38a~1.sqm Jul 27 2007 268 "sqmdata08.sqm"
sqa768~1.sqm Jul 25 2007 268 "sqmdata11.sqm"
sqa778~1.sqm Jul 25 2007 268 "sqmdata15.sqm"
sqa77a~1.sqm Jul 27 2007 268 "sqmdata05.sqm"
sqa788~1.sqm Jul 26 2007 268 "sqmdata19.sqm"
sqa78a~1.sqm Jul 28 2007 268 "sqmdata09.sqm"
sqab68~1.sqm Jul 25 2007 268 "sqmdata12.sqm"
sqab78~1.sqm Jul 26 2007 268 "sqmdata16.sqm"
sqab7a~1.sqm Jul 27 2007 268 "sqmdata06.sqm"
sqaf68~1.sqm Jul 25 2007 268 "sqmdata13.sqm"
sqaf78~1.sqm Jul 26 2007 268 "sqmdata17.sqm"
sqaf7a~1.sqm Jul 27 2007 268 "sqmdata07.sqm"
sqmdat~1.sqm Jul 26 2007 268 "sqmdata00.sqm"
sqmdat~2.sqm Jul 26 2007 268 "sqmdata01.sqm"
sqmdat~3.sqm Jul 27 2007 268 "sqmdata02.sqm"
sqmdat~4.sqm Jul 27 2007 268 "sqmdata03.sqm"
sqmnoo~1.sqm Jul 26 2007 244 "sqmnoopt00.sqm"
sqmnoo~2.sqm Jul 26 2007 244 "sqmnoopt01.sqm"
sqmnoo~3.sqm Jul 27 2007 244 "sqmnoopt02.sqm"
sqmnoo~4.sqm Jul 27 2007 244 "sqmnoopt03.sqm"
vbrun6~1.exe Jul 26 2007 1028368 "vbrun60sp6.exe"
xrnotif.txt Jul 28 2007 13420 "xrnotif.txt"
53 items found: 50 files (42 H/S), 3 directories.
Total of file sizes: 2,149,095,818 bytes 2.00 G
************************************************** ****************************
Locating all files created in C:\WINDOWS\Downloaded Program Files\ within the last 90 days.
"C:\WINDOWS\Downloaded Program Files\"
desktop.ini Jul 26 2007 65 "desktop.ini"
jinsta~3.inf Jul 12 2007 1055 "jinstall-6u2.inf"
2 items found: 2 files (1 H/S), 0 directories.
Total of file sizes: 1,120 bytes 1.09 K
************************************************** ****************************
Locating all files in C:\WINDOWS\PCHealth\HelpCtr\Binaries
"C:\WINDOWS\pchealth\helpctr\binaries\"
brpinfo.dll Aug 4 2004 21504 "brpinfo.dll"
hcappres.dll Aug 4 2004 6656 "HCAppRes.dll"
helpctr.exe Aug 4 2004 768512 "HelpCtr.exe"
helphost.exe Aug 4 2004 99840 "HelpHost.exe"
helpsvc.exe Aug 4 2004 743936 "HelpSvc.exe"
hscsp_p3.cab Aug 4 2004 286777 "hscsp_p3.cab"
hscupd.exe Aug 4 2004 18944 "HscUpd.exe"
msconfig.exe Aug 4 2004 158208 "msconfig.exe"
msinfo.dll Aug 4 2004 376320 "msinfo.dll"
notiflag.exe Aug 4 2004 35328 "notiflag.exe"
pchdt_p3.cab Aug 4 2004 2334260 "pchdt_p3.cab"
pchshell.dll Aug 4 2004 102400 "pchshell.dll"
pchsvc.dll Aug 4 2004 38912 "pchsvc.dll"
13 items found: 13 files, 0 directories.
Total of file sizes: 4,991,597 bytes 4.76 M
************************************************** ****************************
Locating .EXE files created in C:\WINDOWS within the last 360 days.
No matches found.
************************************************** ****************************
Locating .EXE files created in C:\WINDOWS\system32 within the last 90 days.
"C:\WINDOWS\system32\"
java.exe Jul 12 2007 135168 "java.exe"
javaw.exe Jul 12 2007 135168 "javaw.exe"
javaws.exe Jul 12 2007 139264 "javaws.exe"
mrt.exe Jun 28 2007 16256984 "MRT.exe"
sbbd.exe Jun 15 2007 27376 "SBBD.exe"
5 items found: 5 files, 0 directories.
Total of file sizes: 16,693,960 bytes 15.92 M
************************************************** ****************************
Locating .DLL files created in C:\WINDOWS within the last 360 days.
No matches found.
************************************************** ****************************
Locating .DLL files created in C:\WINDOWS\System32 within the last 90 days.
"C:\WINDOWS\system32\"
amstream.dll Nov 12 2018 70656 "amstream.dll"
inetcomm.dll May 16 2007 683520 "inetcomm.dll"
mshtml.dll May 4 2007 3064320 "mshtml.dll"
msvcp70.dll May 24 2048 487424 "msvcp70.dll"
msxml3a.dll Jan 13 2023 24576 "msxml3a.dll"
5 items found: 5 files, 0 directories.
Total of file sizes: 4,330,496 bytes 4.13 M
************************************************** ****************************
Locating .SYS files created in C:\WINDOWS\System32 within the last 90 days.
No matches found.
************************************************** ****************************
Locating .TMP files created in C:\WINDOWS\System32 within the last 90 days.
No matches found.
************************************************** ****************************
Locating .INI files created in C:\WINDOWS\System32 within the last 90 days.
"C:\WINDOWS\system32\"
perfst~1.ini Jul 27 2007 460120 "PerfStringBackup.INI"
1 item found: 1 file, 0 directories.
Total of file sizes: 460,120 bytes 449.34 K
************************************************** ****************************
Locating .DAT files created in C:\WINDOWS\System32 within the last 90 days.
"C:\WINDOWS\system32\"
d3d8caps.dat Jun 15 2007 552 "d3d8caps.dat"
d3d9caps.dat Jul 19 2007 664 "d3d9caps.dat"
fntcache.dat Jul 27 2007 248696 "FNTCACHE.DAT"
perfc009.dat Jul 27 2007 64064 "perfc009.dat"
perfh009.dat Jul 27 2007 405640 "perfh009.dat"
sbfc.dat Jul 27 2007 0 "SBFC.dat"
sbrc.dat Jul 27 2007 0 "SBRC.dat"
7 items found: 7 files, 0 directories.
Total of file sizes: 719,616 bytes 702.75 K
************************************************** ****************************
Locating all files created in C:\WINDOWS\System32\components within the last 90 days.
This folder is sometimes used by Trojan.FakeAlert.CX aka SmitFraud
No matches found.
************************************************** ****************************
Locating all files in C:\WINDOWS\System32\com - used by the W32.Pagipef worm
*** BE CAREFUL ---- Not all files in this folder are bad ***
"C:\WINDOWS\system32\Com\"
comadmin.dll Jul 26 2005 195072 "comadmin.dll"
comempty.dat Aug 4 2004 61440 "comempty.dat"
comexp.msc Aug 4 2004 78048 "comexp.msc"
comrepl.exe Aug 4 2004 9728 "comrepl.exe"
comrereg.exe Aug 4 2004 5120 "comrereg.exe"
mtsadmin.tlb Aug 4 2004 19456 "mtsadmin.tlb"
6 items found: 6 files, 0 directories.
Total of file sizes: 368,864 bytes 360.22 K
************************************************** ****************************
Locating all files created in C:\WINDOWS\System32\drivers within the last 90 days.
"C:\WINDOWS\system32\drivers\"
ccdqob~1.sys Jun 5 2007 8576 "ccdqobalbvdq.sys"
sbhr.sys Jul 27 2007 15544 "sbhr.sys"
2 items found: 2 files, 0 directories.
Total of file sizes: 24,120 bytes 23.55 K
************************************************** ****************************
Locating all files created in C:\WINDOWS\System32\drivers\etc within the last 90 days.
No matches found.
************************************************** ****************************
Locating C:\WINDOWS\TEMP files created with in the last 90 days.
"C:\WINDOWS\Temp\"
perfli~1.dat Jul 28 2007 16384 "Perflib_Perfdata_67c.dat"
t30deb~1.txt Jul 28 2007 0 "T30DebugLogFile.txt"
wgaerr~1.txt Jul 28 2007 255 "WGAErrLog.txt"
wganot~1.set Jul 28 2007 409 "WGANotify.settings"
_AVAST4_ Jul 27 2007 "_avast4_"
5 items found: 4 files, 1 directory.
Total of file sizes: 17,048 bytes 16.65 K
************************************************** ****************************
Locating C:\Documents and Settings\Kevin Kehily\Local Settings\TEMP files created within the last 90 days.
"C:\Documents and Settings\Kevin Kehily\Local Settings\Temp\"
dio2.tmp Jul 28 2007 47122 "DIO2.tmp"
dio3.tmp Jul 28 2007 47122 "DIO3.tmp"
hpodvd09.log Jul 28 2007 2993 "hpodvd09.log"
HSPERF~1 Jul 28 2007 "hsperfdata_Kevin Kehily"
java_i~1.log Jul 28 2007 1185 "java_install_reg.log"
java_i~2.log Jul 28 2007 0 "java_install.log"
jinstall.cfg Jul 28 2007 1160 "jinstall.cfg"
jusched.log Jul 28 2007 1152 "jusched.log"
mar1.tmp Jul 28 2007 1285 "MAR1.tmp"
mar2.tmp Jul 28 2007 1285 "MAR2.tmp"
sts5.tmp Jul 28 2007 345 "STS5.tmp"
sts6.tmp Jul 28 2007 345 "STS6.tmp"
_AVAST4_ Jul 28 2007 "_avast4_"
13 items found: 11 files, 2 directories.
Total of file sizes: 103,994 bytes 101.55 K
************************************************** ****************************
Locating .COM files in the C:\WINDOWS\System32 folder
"C:\WINDOWS\system32\"
chcp.com Aug 4 2004 7680 "chcp.com"
command.com Aug 4 2004 50620 "command.com"
diskcomp.com Aug 4 2004 9216 "diskcomp.com"
diskcopy.com Aug 4 2004 7168 "diskcopy.com"
edit.com Aug 4 2004 69886 "edit.com"
format.com Aug 4 2004 25600 "format.com"
graftabl.com Aug 4 2004 26112 "graftabl.com"
graphics.com Aug 4 2004 19694 "graphics.com"
kb16.com Aug 4 2004 14710 "kb16.com"
loadfix.com Aug 4 2004 1131 "loadfix.com"
locate.com Feb 9 2007 11254 "locate.com"
mode.com Aug 4 2004 19456 "mode.com"
more.com Aug 4 2004 15872 "more.com"
tree.com Aug 4 2004 11264 "tree.com"
win.com Aug 4 2004 18432 "win.com"
15 items found: 15 files, 0 directories.
Total of file sizes: 308,095 bytes 300.87 K
************************************************** ****************************
Checking for .COM files to Delete. They will only print if deleted!
************************************************** ****************************
Dumping HKLM Uninstall Programs list
"DisplayName"="1500"
"DisplayName"="1500_Help"
"DisplayName"="1500Trb"
"DisplayName"="Actinic Payment Service Providers Component v8 "
"DisplayName"="Actinic Shared SSL Service Providers Component V8"
"DisplayName"="Actinic v8"
"DisplayName"="Adobe Acrobat 7.0.1 and Reader 7.0.1 Update"
"DisplayName"="Adobe Flash Player 9 ActiveX"
"DisplayName"="Adobe Illustrator 10"
"DisplayName"="Adobe Reader 7.0"
"DisplayName"="Adobe Shockwave Player"
"DisplayName"="Adobe SVG Viewer 3.0"
"DisplayName"="AiO_Scan"
"DisplayName"="AiOSoftware"
"DisplayName"="Apple Software Update"
"DisplayName"="ATI Control Panel"
"DisplayName"="ATI Display Driver"
"DisplayName"="avast! Antivirus"
"DisplayName"="BufferChm"
"DisplayName"="CCleaner (remove only)"
"DisplayName"="CoatsEDV"
"DisplayName"="Corel Uninstaller"
"DisplayName"="CP_Package_Variety1"
"DisplayName"="CP_Package_Variety2"
"DisplayName"="CP_Package_Variety3"
"DisplayName"="Data Doctor Recovery Digital Camera(Evaluation) 3.0.1.5"
"DisplayName"="Data Doctor Recovery FAT+NTFS(Evaluation) 3.0.1.5"
"DisplayName"="Destinations"
"DisplayName"="DeviceManagementQFolder"
"DisplayName"="DocProc"
"DisplayName"="eFax Messenger 4.1"
"DisplayName"="eSupportQFolder"
"DisplayName"="Fax"
"DisplayName"="GdiplusUpgrade"
"DisplayName"="High Definition Audio Driver Package - KB888111"
"DisplayName"="Hotfix for Windows XP (KB889527)"
"DisplayName"="Hotfix for Windows XP (KB893357)"
"DisplayName"="Hotfix for Windows XP (KB896344)"
"DisplayName"="Hotfix for Windows XP (KB903234)"
"DisplayName"="Hotfix for Windows XP (KB914440)"
"DisplayName"="Hotfix for Windows XP (KB915865)"
"DisplayName"="Hotfix for Windows XP (KB935448)"
"DisplayName"="HP Imaging Device Functions 5.3"
"DisplayName"="HP Photosmart Essential"
"DisplayName"="HP PSC & OfficeJet 5.3.B"
"DisplayName"="HP Software Update"
"DisplayName"="HP Solution Center & Imaging Support Tools 5.3"
"DisplayName"="HPProductAssistant"
"DisplayName"="Intel(R) PRO Network Connections Drivers"
"DisplayName"="InternetTweak 4.90"
"DisplayName"="InterVideo WinDVD"
"DisplayName"="iTunes"
"DisplayName"="Java(TM) 6 Update 2"
"DisplayName"="Kaspersky Online Scanner"
"DisplayName"="Matrox PowerDesk-SE"
"DisplayName"="Matrox TripleHead2Go"
"DisplayName"="Microsoft .NET Framework 1.1 Hotfix (KB928366)"
"DisplayName"="Microsoft .NET Framework 1.1"
"DisplayName"="Microsoft .NET Framework 1.1"
"DisplayName"="Microsoft .NET Framework 2.0"
"DisplayName"="Microsoft .NET Framework 2.0"
"DisplayName"="Microsoft Internationalized Domain Names Mitigation APIs"
"DisplayName"="Microsoft National Language Support Downlevel APIs"
"DisplayName"="Microsoft Office Professional Edition 2003"
"DisplayName"="Microsoft Outlook Personal Folders Backup"
"DisplayName"="Microsoft Visio Standard 2002 [English]"
"DisplayName"="Microsoft Works"
"DisplayName"="Mozilla Firefox (2.0.0.5)"
"DisplayName"="MSXML 4.0 SP2 (KB927978)"
"DisplayName"="MSXML 4.0 SP2 Parser and SDK"
"DisplayName"="Natural Color"
"DisplayName"="Nero BurnRights"
"DisplayName"="Nero Digital"
"DisplayName"="Nero OEM"
"DisplayName"="NeroVision Express Content"
"DisplayName"="NewCopy"
"DisplayName"="Nokia Connectivity Cable Driver"
"DisplayName"="Nokia PC Connectivity Solution"
"DisplayName"="Nokia PC Suite"
"DisplayName"="palmOne"
"DisplayName"="Panda ActiveScan"
"DisplayName"="ProductContext"
"DisplayName"="QuickTime"
"DisplayName"="Readme"
"DisplayName"="RealPlayer"
"DisplayName"="Registry Mechanic 6.0"
"DisplayName"="Sage Instant Accounts V11.01"
"DisplayName"="Sage MIS 3.01"
"DisplayName"="SageInst"
"DisplayName"="Scan"
"DisplayName"="ScannerCopy"
"DisplayName"="Security Update for Step By Step Interactive Training (KB898458)"
"DisplayName"="Security Update for Step By Step Interactive Training (KB923723)"
"DisplayName"="Security Update for Windows Media Player (KB911564)"
"DisplayName"="Security Update for Windows Media Player 10 (KB911565)"
"DisplayName"="Security Update for Windows Media Player 10 (KB917734)"
"DisplayName"="Security Update for Windows Media Player 6.4 (KB925398)"
"DisplayName"="Security Update for Windows XP (KB890046)"
"DisplayName"="Security Update for Windows XP (KB893066)"
"DisplayName"="Security Update for Windows XP (KB893756)"
"DisplayName"="Security Update for Windows XP (KB896358)"
"DisplayName"="Security Update for Windows XP (KB896422)"
"DisplayName"="Security Update for Windows XP (KB896423)"
"DisplayName"="Security Update for Windows XP (KB896424)"
"DisplayName"="Security Update for Windows XP (KB896428)"
"DisplayName"="Security Update for Windows XP (KB899587)"
"DisplayName"="Security Update for Windows XP (KB899588)"
"DisplayName"="Security Update for Windows XP (KB899591)"
"DisplayName"="Security Update for Windows XP (KB900725)"
"DisplayName"="Security Update for Windows XP (KB900930)"
"DisplayName"="Security Update for Windows XP (KB901017)"
"DisplayName"="Security Update for Windows XP (KB901214)"
"DisplayName"="Security Update for Windows XP (KB902400)"
"DisplayName"="Security Update for Windows XP (KB904706)"
"DisplayName"="Security Update for Windows XP (KB905414)"
"DisplayName"="Security Update for Windows XP (KB905749)"
"DisplayName"="Security Update for Windows XP (KB908519)"
"DisplayName"="Security Update for Windows XP (KB911280)"
"DisplayName"="Security Update for Windows XP (KB911562)"
"DisplayName"="Security Update for Windows XP (KB911567)"
"DisplayName"="Security Update for Windows XP (KB911927)"
"DisplayName"="Security Update for Windows XP (KB912812)"
"DisplayName"="Security Update for Windows XP (KB912919)"
"DisplayName"="Security Update for Windows XP (KB913446)"
"DisplayName"="Security Update for Windows XP (KB913580)"
"DisplayName"="Security Update for Windows XP (KB914388)"
"DisplayName"="Security Update for Windows XP (KB914389)"
"DisplayName"="Security Update for Windows XP (KB916281)"
"DisplayName"="Security Update for Windows XP (KB917159)"
"DisplayName"="Security Update for Windows XP (KB917344)"
"DisplayName"="Security Update for Windows XP (KB917422)"
"DisplayName"="Security Update for Windows XP (KB917953)"
"DisplayName"="Security Update for Windows XP (KB918118)"
"DisplayName"="Security Update for Windows XP (KB918439)"
"DisplayName"="Security Update for Windows XP (KB918899)"
"DisplayName"="Security Update for Windows XP (KB919007)"
"DisplayName"="Security Update for Windows XP (KB920213)"
"DisplayName"="Security Update for Windows XP (KB920214)"
"DisplayName"="Security Update for Windows XP (KB920670)"
"DisplayName"="Security Update for Windows XP (KB920683)"
"DisplayName"="Security Update for Windows XP (KB920685)"
"DisplayName"="Security Update for Windows XP (KB921398)"
"DisplayName"="Security Update for Windows XP (KB921883)"
"DisplayName"="Security Update for Windows XP (KB922616)"
"DisplayName"="Security Update for Windows XP (KB922760)"
"DisplayName"="Security Update for Windows XP (KB922819)"
"DisplayName"="Security Update for Windows XP (KB923191)"
"DisplayName"="Security Update for Windows XP (KB923414)"
"DisplayName"="Security Update for Windows XP (KB923689)"
"DisplayName"="Security Update for Windows XP (KB923694)"
"DisplayName"="Security Update for Windows XP (KB923980)"
"DisplayName"="Security Update for Windows XP (KB924191)"
"DisplayName"="Security Update for Windows XP (KB924270)"
"DisplayName"="Security Update for Windows XP (KB924496)"
"DisplayName"="Security Update for Windows XP (KB924667)"
"DisplayName"="Security Update for Windows XP (KB925454)"
"DisplayName"="Security Update for Windows XP (KB925486)"
"DisplayName"="Security Update for Windows XP (KB925902)"
"DisplayName"="Security Update for Windows XP (KB926255)"
"DisplayName"="Security Update for Windows XP (KB926436)"
"DisplayName"="Security Update for Windows XP (KB927779)"
"DisplayName"="Security Update for Windows XP (KB927802)"
"DisplayName"="Security Update for Windows XP (KB928090)"
"DisplayName"="Security Update for Windows XP (KB928255)"
"DisplayName"="Security Update for Windows XP (KB928843)"
"DisplayName"="Security Update for Windows XP (KB929123)"
"DisplayName"="Security Update for Windows XP (KB930178)"
"DisplayName"="Security Update for Windows XP (KB931261)"
"DisplayName"="Security Update for Windows XP (KB931768)"
"DisplayName"="Security Update for Windows XP (KB932168)"
"DisplayName"="Security Update for Windows XP (KB933566)"
"DisplayName"="Security Update for Windows XP (KB935839)"
"DisplayName"="Security Update for Windows XP (KB935840)"
"DisplayName"="Skype 2.5"
"DisplayName"="SoftV92 Data Fax Modem with SmartCP"
"DisplayName"="Software Update for Web Folders"
"DisplayName"="SolutionCenter"
"DisplayName"="Spybot - Search & Destroy 1.4"
"DisplayName"="Status"
"DisplayName"="Sunbelt CounterSpy"
"DisplayName"="TAS BOOKS 2 v6"
"DisplayName"="TAS Books 2 v6.2"
"DisplayName"="TAS BOOKS 2"
"DisplayName"="TAS BOOKS 2"
"DisplayName"="TAS BOOKS 2"
"DisplayName"="TAS BOOKS 2"
"DisplayName"="TAS BOOKS 2"
"DisplayName"="TAS BOOKS 2"
"DisplayName"="TAS BOOKS 2"
"DisplayName"="TAS BOOKS 2"
"DisplayName"="TAS BOOKS 2"
"DisplayName"="TAS BOOKS 2"
"DisplayName"="TrayApp"
"DisplayName"="Uniblue SpeedUpMyPC 3"
"DisplayName"="Unload"
"DisplayName"="Update for Windows XP (KB894391)"
"DisplayName"="Update for Windows XP (KB896727)"
"DisplayName"="Update for Windows XP (KB897663)"
"DisplayName"="Update for Windows XP (KB898461)"
"DisplayName"="Update for Windows XP (KB900485)"
"DisplayName"="Update for Windows XP (KB904942)"
"DisplayName"="Update for Windows XP (KB908531)"
"DisplayName"="Update for Windows XP (KB910437)"
"DisplayName"="Update for Windows XP (KB916595)"
"DisplayName"="Update for Windows XP (KB920872)"
"DisplayName"="Update for Windows XP (KB922582)"
"DisplayName"="Update for Windows XP (KB927891)"
"DisplayName"="Update for Windows XP (KB929338)"
"DisplayName"="Update for Windows XP (KB930916)"
"DisplayName"="Update for Windows XP (KB931836)"
"DisplayName"="Update for Windows XP (KB936357)"
"DisplayName"="WebFldrs XP"
"DisplayName"="WebReg"
"DisplayName"="Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)"
"DisplayName"="Windows Genuine Advantage Notifications (KB905474)"
"DisplayName"="Windows Installer 3.1 (KB893803)"
"DisplayName"="Windows Live Messenger"
"DisplayName"="Windows Media Format Runtime"
"DisplayName"="Windows Media Format SDK Hotfix - KB891122"
"DisplayName"="Windows Media Hotfix - KB895181"
"DisplayName"="Windows Media Player 10 Hotfix - KB888656"
"DisplayName"="Windows Media Player 10"
"DisplayName"="Windows XP Hotfix - KB873333"
"DisplayName"="Windows XP Hotfix - KB873339"
"DisplayName"="Windows XP Hotfix - KB883529"
"DisplayName"="Windows XP Hotfix - KB883667"
"DisplayName"="Windows XP Hotfix - KB884018"
"DisplayName"="Windows XP Hotfix - KB884020"
"DisplayName"="Windows XP Hotfix - KB884575"
"DisplayName"="Windows XP Hotfix - KB884868"
"DisplayName"="Windows XP Hotfix - KB884883"
"DisplayName"="Windows XP Hotfix - KB885222"
"DisplayName"="Windows XP Hotfix - KB885250"
"DisplayName"="Windows XP Hotfix - KB885523"
"DisplayName"="Windows XP Hotfix - KB885835"
"DisplayName"="Windows XP Hotfix - KB885836"
"DisplayName"="Windows XP Hotfix - KB885855"
"DisplayName"="Windows XP Hotfix - KB885884"
"DisplayName"="Windows XP Hotfix - KB885887"
"DisplayName"="Windows XP Hotfix - KB885894"
"DisplayName"="Windows XP Hotfix - KB885932"
"DisplayName"="Windows XP Hotfix - KB886185"
"DisplayName"="Windows XP Hotfix - KB886677"
"DisplayName"="Windows XP Hotfix - KB886716"
"DisplayName"="Windows XP Hotfix - KB887742"
"DisplayName"="Windows XP Hotfix - KB887797"
"DisplayName"="Windows XP Hotfix - KB888113"
"DisplayName"="Windows XP Hotfix - KB888240"
"DisplayName"="Windows XP Hotfix - KB888302"
"DisplayName"="Windows XP Hotfix - KB888402"
"DisplayName"="Windows XP Hotfix - KB889016"
"DisplayName"="Windows XP Hotfix - KB889673"
"DisplayName"="Windows XP Hotfix - KB890831"
"DisplayName"="Windows XP Hotfix - KB890859"
"DisplayName"="Windows XP Hotfix - KB891070"
"DisplayName"="Windows XP Hotfix - KB891220"
"DisplayName"="Windows XP Hotfix - KB891781"
"DisplayName"="Windows XP Hotfix - KB892050"
"DisplayName"="Windows XP Hotfix - KB892627"
"DisplayName"="Windows XP Hotfix - KB893056"
"DisplayName"="Windows XP Hotfix - KB893086"
"DisplayName"="Windows XP Hotfix - KB896626"
"DisplayName"="WinZip"
"DisplayName"="Yahoo! Install Manager"
"DisplayName"="Yahoo! Toolbar"
"DisplayName"="Yahoo! Toolbar"
runkeys.txt:
****************************************************************************
* GetRunKeys.Bat - (c) 01/28/2006 By Chaslang *
* Beta only partially supports Win9x and ME *
* 01/28/2007 Version 1.56 beta *
* Add ...Windows NT\CurrentVersion\Winlogon\Notify *
*****************************************************************************
* Most of the information reported below is not necessarily bad. You must *
* not take any steps on any of these lines without consulting an expert. *
*****************************************************************************
Windows OS is
Microsoft Windows XP [Version 5.1.2600]
It's Sat July 28, 2007 10:41:23 AM
******************************************************************************
ShowNew installation folder and files
"C:\My Downloads\GetRunKey\"
getrun~1.bat Feb 9 2007 53429 "GetRunKey.bat"
grep.exe Feb 9 2007 80412 "grep.exe"
locate.com Feb 9 2007 11254 "locate.com"
ltime.exe Feb 9 2007 13184 "ltime.exe"
4 items found: 4 files, 0 directories.
Total of file sizes: 158,279 bytes 154.57 K
----------------------------------------------------------------------------
Listing Standard Startup (Run) Registry Keys
----------------------------------------------------------------------------
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PcSync"="D:\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"QuickTime Task"="\"D:\\qttask.exe\" -atboottime"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Matrox PowerDesk SE"="\"c:\\Program Files\\Matrox Graphics Inc\\PowerDesk SE\\Matrox.PowerDesk SE.exe\""
"RTHDCPL"="RTHDCPL.EXE"
"PCSuiteTrayApplication"="D:\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"eFax 4.1"="\"C:\\Program Files\\eFax Messenger 4.1\\J2GDllCmd.exe\" /R"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"Alcmtr"="ALCMTR.EXE"
@=""
"SBCSTray"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\SBCSTray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\RunOnceEx]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000001
"EulaAccepted"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
----------------------------------------------------------------------------
Listing MSCONFIG Registry Keys
----------------------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000000
----------------------------------------------------------------------------
Listing ModuleUsage Registry Keys
----------------------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Symantec Technical Support/controls/msvcr71.dll]
".Owner"="Unknown Owner"
"{6A344D34-5231-452A-8A57-D064AC9B7862}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Symantec Technical Support/controls/symdlmgr.dll]
".Owner"="Unknown Owner"
"{6A344D34-5231-452A-8A57-D064AC9B7862}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandel.exe]
".Owner"="{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"
"{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandellang.ini]
".Owner"="{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"
"{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AnagramLib.dll]
".Owner"="{493ACF15-5CD9-4474-82A6-91670C3DD66E}"
"{493ACF15-5CD9-4474-82A6-91670C3DD66E}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll]
".Owner"="{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}"
"{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ASPROinst.dll]
".Owner"="{D6376DD2-C2BD-49B2-A1B1-138F869633F3}"
"{D6376DD2-C2BD-49B2-A1B1-138F869633F3}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdcore.dll]
".Owner"="{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"
"{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdupd.dll]
".Owner"="{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"
"{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/clt05PIN.dll]
".Owner"="{34F12AFD-E9B5-492A-85D2-40FA4535BE83}"
"{34F12AFD-E9B5-492A-85D2-40FA4535BE83}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/clt06PIN.dll]
".Owner"="{34F12AFD-E9B5-492A-85D2-40FA4535BE83}"
"{34F12AFD-E9B5-492A-85D2-40FA4535BE83}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx]
".Owner"="{5F8469B4-B055-49DD-83F7-62B522420ECC}"
"{5F8469B4-B055-49DD-83F7-62B522420ECC}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Housecall_ActiveX.dll]
".Owner"="{215B8138-A3CF-44C5-803F-8226143CFC0A}"
"{215B8138-A3CF-44C5-803F-8226143CFC0A}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipsupd.dll]
".Owner"="{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"
"{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/lang.ini]
".Owner"="{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"
"{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libfn.dll]
".Owner"="{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"
"{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LinkedInContactFinderControl.dat]
".Owner"="{493ACF15-5CD9-4474-82A6-91670C3DD66E}"
"{493ACF15-5CD9-4474-82A6-91670C3DD66E}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LinkedInContactFinderControl.dll]
".Owner"="{493ACF15-5CD9-4474-82A6-91670C3DD66E}"
"{493ACF15-5CD9-4474-82A6-91670C3DD66E}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/live.ini]
".Owner"="{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"
"{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/nprdtinf.dll]
".Owner"="{34F12AFD-E9B5-492A-85D2-40FA4535BE83}"
"{34F12AFD-E9B5-492A-85D2-40FA4535BE83}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan8.ocx]
".Owner"="{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"
"{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan81.ocx_x]
".Owner"="{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"
"{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scanoptions.tsi]
".Owner"="{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"
"{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/symdlmgr.dll]
".Owner"="{6A344D34-5231-452A-8A57-D064AC9B7862}"
"{6A344D34-5231-452A-8A57-D064AC9B7862}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/yacsui.dll]
".Owner"="{7D1E9C49-BD6A-11D3-87A8-009027A35D73}"
"{7D1E9C49-BD6A-11D3-87A8-009027A35D73}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL]
".Owner"="Unknown Owner"
"{17492023-C23A-453E-A040-C7C580BBF700}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll]
".Owner"="Unknown Owner"
"{215B8138-A3CF-44C5-803F-8226143CFC0A}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll]
".Owner"="Unknown Owner"
"{215B8138-A3CF-44C5-803F-8226143CFC0A}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll]
".Owner"="Unknown Owner"
"{6A344D34-5231-452A-8A57-D064AC9B7862}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll]
".Owner"="Unknown Owner"
"{215B8138-A3CF-44C5-803F-8226143CFC0A}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL]
".Owner"="{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}"
"{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll]
".Owner"="Unknown Owner"
"{215B8138-A3CF-44C5-803F-8226143CFC0A}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll]
".Owner"="{5F8469B4-B055-49DD-83F7-62B522420ECC}"
"{5F8469B4-B055-49DD-83F7-62B522420ECC}"=""
----------------------------------------------------------------------------
Listing HKCU Policies Registry Keys
----------------------------------------------------------------------------
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer]
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery]
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions]
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\PhotoSupport]
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbars]
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions]
----------------------------------------------------------------------------
Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys
if Hidden = 0 then Hidden Files and Folders are not shown
if SuperHidden = 1 is the desired default value.
if ShowSuperHidden = 0 then System Files are not shown
if HideFileExt = 1 then File Extension are not shown
We want their values to be (from top to bottom) 1,1,1,0
----------------------------------------------------------------------------
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"SuperHidden"=dword:00000001
"ShowSuperHidden"=dword:00000001
"HideFileExt"=dword:00000000
----------------------------------------------------------------------------
Listing HKLM Policies Registry Keys
----------------------------------------------------------------------------
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
----------------------------------------------------------------------------
Listing BHO Registry Keys
----------------------------------------------------------------------------
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
"NoExplorer"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
"NoExplorer"=dword:00000001
----------------------------------------------------------------------------
Listing SharedTaskScheduler Registry Keys
----------------------------------------------------------------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
----------------------------------------------------------------------------
Listing ShellExecuteHooks Registry Keys
----------------------------------------------------------------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
----------------------------------------------------------------------------
Listing ShellServiceObjectDelayLoad Registry Keys
----------------------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
----------------------------------------------------------------------------
Listing Default URL Prefix Keys - a possible hijack point
----------------------------------------------------------------------------
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
@="http://"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
----------------------------------------------------------------------------
HKEY_CURRENT_USER ZoneMap ProtocolDefaults
----------------------------------------------------------------------------
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
@=""
"http"=dword:00000003
"https"=dword:00000003
"ftp"=dword:00000003
"file"=dword:00000003
"@ivt"=dword:00000001
"shell"=dword:00000000
----------------------------------------------------------------------------
Miscellaneous Malware Detection Report
----------------------------------------------------------------------------
List of Malware found in SharedTaskScheduler
------------------------------------------------------------------------
No Malware found in SharedTaskScheduler
------------------------------------------------------------------------
List of Malware found in C:\WINDOWS\system32
------------------------------------------------------------------------
No Malware found in C:\WINDOWS\system32
------------------------------------------------------------------------
Check for Troj-Torpig-D,E,J Keylogger
------------------------------------------------------------------------
Troj-Torpig-D,E,J Keylogger was not found
------------------------------------------------------------------------
Looking for winlogonhook/conhook trojan
------------------------------------------------------------------------
winlogonhook/conhook key not found
------------------------------------------------------------------------
Looking for Miscellaneous Rootkits
------------------------------------------------------------------------
lzx32, msguard, and pe386 rootkits not found
------------------------------------------------------------------------
Looking for CmdService adware - part of ADSPY/ISearch.d.2
------------------------------------------------------------------------
CmdService adware not found
------------------------------------------------------------------------
Looking for Network_Monitor adware - part of ADSPY/ISearch.d.2
------------------------------------------------------------------------
Network_Monitor adware not found
------------------------------------------------------------------------
Looking for Trojan.Peacomm aka Downloader-BAI.sys
------------------------------------------------------------------------
Trojan.Peacomm not found
------------------------------------------------------------------------
-
I was able to run Trend Micro and it found vulnerabilities: Microsoft Security Bulletin MS06-033 and Microsoft Security Bulletin MS06-056
Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770) - so I am downloading updates from Microsoft - hopefully this is it ....
-
When I tried to download the Microsoft updates they would not download. I tried downloading the Microsoft updates and they would not download. Does anyone know where to go from here?