OK, heres the log:
[code=auto:0]WinPFind35 logfile created on: 2008-02-17 11:26:21
WinPFind35U Version Beta52 Folder = C:\Users\Annelie o Niklas\Desktop\WinPFind35u
Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16609)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd
1022,38 Mb Total Physical Memory | 482,33 Mb Available Physical Memory | 47,18% Memory free
2,24 Gb Paging File | 1,48 Gb Available in Paging File | 66,05% Paging File free
Paging file location(s): ?:\pagefile.sys;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,76 Gb Total Space | 28,49 Gb Free Space | 36,18% Space Free | Partition Type: NTFS
Drive D: | 19,36 Gb Total Space | 9,69 Gb Free Space | 50,06% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DATAN
Current User Name: Annelie o Niklas
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
[Processes - Non-Microsoft Only]
elogsvc.exe -> %SystemDrive%\Program\Norman\Npm\Bin\elogsvc.exe -> File not found
zanda.exe -> %SystemDrive%\Program\Norman\Npm\Bin\Zanda.exe -> File not found
applemobiledeviceservice.exe -> %SystemDrive%\Program\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> File not found
mdnsresponder.exe -> %SystemDrive%\Program\Bonjour\mDNSResponder.exe -> File not found
msascui.exe -> %SystemDrive%\Program\Windows Defender\MSASCui.exe -> File not found
testhandler.exe -> %SystemDrive%\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -> Fujitsu Siemens Computers [Ver = 1.03 | Size = 204800 bytes | Modified Date = 2006-11-15 00:07:08 | Attr = ]
tosbtsrv.exe -> %SystemDrive%\Program\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -> File not found
xaudio.exe -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.04.00 | Size = 386560 bytes | Modified Date = 2007-01-30 11:23:52 | Attr = ]
rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1.0.0.7 | Size = 3784704 bytes | Modified Date = 2006-11-09 10:57:52 | Attr = ]
apoint.exe -> %SystemDrive%\Program\Apoint2K\Apoint.exe -> File not found
apmsgfwd.exe -> %SystemDrive%\Program\Apoint2K\ApMsgFwd.exe -> File not found
apntex.exe -> %SystemDrive%\Program\Apoint2K\ApntEx.exe -> File not found
sidebar.exe -> %SystemDrive%\Program\Windows Sidebar\sidebar.exe -> File not found
njeeves.exe -> %SystemDrive%\Program\Norman\Npm\Bin\Njeeves.exe -> File not found
nvcsched.exe -> %SystemDrive%\Program\Norman\NVC\bin\Nvcsched.exe -> File not found
nvcoas.exe -> %SystemDrive%\Program\Norman\NVC\bin\Nvcoas.exe -> File not found
wmpnscfg.exe -> %SystemDrive%\Program\Windows Media Player\wmpnscfg.exe -> File not found
superantispyware.exe -> %SystemDrive%\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe -> File not found
tosbtmng.exe -> %SystemDrive%\Program\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe -> File not found
wmpnetwk.exe -> %SystemDrive%\Program\Windows Media Player\wmpnetwk.exe -> File not found
tosa2dp.exe -> %SystemDrive%\Program\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe -> File not found
tosbthid.exe -> %SystemDrive%\Program\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe -> File not found
tosbthsp.exe -> %SystemDrive%\Program\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe -> File not found
tosavrc.exe -> %SystemDrive%\Program\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe -> File not found
tosobex.exe -> %SystemDrive%\Program\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe -> File not found
tosbtproc.exe -> %SystemDrive%\Program\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe -> File not found
winpfind35u.exe -> %SystemDrive%\Användare\Annelie o Niklas\Skrivbord\WinPFind35u\WinPFind35U.exe -> File not found
[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %SystemDrive%\Program\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> File not found
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %SystemDrive%\Program\Bonjour\mDNSResponder.exe -> File not found
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found
(DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> -> File not found
(eLoggerSvc6) Norman eLogger service 6 [Win32_Own | Auto | Running] -> %SystemDrive%\Program\Norman\Npm\Bin\elogsvc.exe -> File not found
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\Program\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> File not found
(gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> -> File not found
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\Program\Google\Common\Google Updater\GoogleUpdaterService.exe -> File not found
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> -> File not found
(Norman NJeeves) Norman NJeeves [Win32_Own | On_Demand | Running] -> %SystemDrive%\Program\Norman\Npm\Bin\Njeeves.exe -> File not found
(Norman ZANDA) Norman ZANDA [Win32_Own | Auto | Running] -> %SystemDrive%\Program\Norman\Npm\Bin\Zanda.exe -> File not found
(nvcoas) Norman Virus Control on-access component [Win32_Own | On_Demand | Running] -> %SystemDrive%\Program\Norman\NVC\bin\Nvcoas.exe -> File not found
(NVCScheduler) Norman Virus Control Scheduler [Win32_Own | On_Demand | Running] -> %SystemDrive%\Program\Norman\NVC\bin\Nvcsched.exe -> File not found
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] -> -> File not found
(SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> -> File not found
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> -> File not found
(TestHandler) Fujitsu Siemens Computers Diagnostic Testhandler [Win32_Own | Auto | Running] -> %SystemDrive%\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -> Fujitsu Siemens Computers [Ver = 1.03 | Size = 204800 bytes | Modified Date = 2006-11-15 00:07:08 | Attr = ]
(TOSHIBA Bluetooth Service) TOSHIBA Bluetooth Service [Win32_Own | Auto | Running] -> %SystemDrive%\Program\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -> File not found
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Running] -> -> File not found
(usnjsvc) Läsartjänsten USN Journal för mappdelning i Messenger [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\Program\MSN Messenger\usnsvc.exe -> File not found
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Running] -> %SystemDrive%\Program\Windows Media Player\wmpnetwk.exe -> File not found
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.04.00 | Size = 386560 bytes | Modified Date = 2007-01-30 11:23:52 | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> File not found
Apoint -> %SystemDrive%\Program\Apoint2K\Apoint.exe -> File not found
CanonMyPrinter -> %ProgramFiles%\Canon\MyPrinter\BJMyPrt.exe -> File not found
CanonSolutionMenu -> %ProgramFiles%\Canon\SolutionMenu\CNSLMAIN.exe -> File not found
FuncKey -> %ProgramFiles%\Hotkey Management\FuncKey.exe -> File not found
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> File not found
Norman ZANDA -> %ProgramFiles%\Norman\Npm\bin\ZLH.EXE -> File not found
NvCplDaemon -> %SystemRoot%\System32\nvcpl.dll -> NVIDIA Corporation [Ver = 7.15.10.9748 | Size = 7766016 bytes | Modified Date = 2006-12-10 14:47:00 | Attr = ]
NvMediaCenter -> %SystemRoot%\System32\nvmctray.dll -> NVIDIA Corporation [Ver = 7.15.10.9748 | Size = 81920 bytes | Modified Date = 2006-12-10 14:47:00 | Attr = ]
NvSvc -> %SystemRoot%\System32\nvsvc.dll -> NVIDIA Corporation [Ver = 7.15.10.9748 | Size = 90191 bytes | Modified Date = 2006-12-10 14:47:00 | Attr = ]
OpwareSE4 -> %ProgramFiles%\ScanSoft\OmniPageSE4\OpwareSE4.exe -> File not found
PowerManager -> %ProgramFiles%\Power Manager\PM.exe -> File not found
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> File not found
RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1.0.0.7 | Size = 3784704 bytes | Modified Date = 2006-11-09 10:57:52 | Attr = ]
SSBkgdUpdate -> %CommonProgramFiles%\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -> File not found
Windows Defender -> MSASCui.exe -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Sidebar -> %SystemDrive%\Program\Windows Sidebar\sidebar.exe -> File not found
SUPERAntiSpyware -> %SystemDrive%\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe -> File not found
WMPNSCFG -> %SystemDrive%\Program\Windows Media Player\wmpnscfg.exe -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Program\SUPERAntiSpyware\SASSEH.DLL [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %SystemDrive%\Program\SUPERAntiSpyware\SASWINLO.dll -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (27 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.se/ig?hl=sv ->
HKEY_CURRENT_USER\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Program\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Länkhjälp till Adobe PDF Reader] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Program\Java\jre1.5.0_03\bin\NPJPI150_03.dll [Sun Java-konsol] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xportera till Microsoft Excel -> %SystemDrive%\Program\Microsoft Office\Office10\EXCEL.EXE -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{34603D73-CE7B-4FFE-96B7-68B9EA8B1F80} -> (Fujitsu Siemens Computers WLAN 802.11b/g (SiS163u)) ->
{471C67F9-D7DB-4450-84AA-BE7C4E608F36} -> (NVIDIA nForce Networking Controller) ->
{7F5DA6E3-0B96-448C-99CD-627818DCF16E} -> (Fujitsu Siemens Computers WLAN 802.11b/g (SiS163u)) ->
{EB8DB5F1-431E-49F3-8D6B-5CDABE6B2379} -> () ->
{FFE68317-9B02-4562-A4BB-D4E373934455} -> () ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000008 [mdnsNSP] -> %SystemDrive%\Program\Bonjour\mdnsNSP.dll -> File not found
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
ldap -> 4 = Restricted sites (Not a Default Protocol) ->
news -> 4 = Restricted sites (Not a Default Protocol) ->
nntp -> 4 = Restricted sites (Not a Default Protocol) ->
oecmd -> 4 = Restricted sites (Not a Default Protocol) ->
snews -> 4 = Restricted sites (Not a Default Protocol) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Program\Common Files\microsoft shared\Web Folders\PKMCDO.DLL[Microsoft PKM KnowledgePluggable Class] -> File not found
livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Program\MSN Messenger\msgrapp.8.1.0178.00.dll[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Program\Common Files\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> File not found
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Program\Common Files\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> File not found
msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Program\MSN Messenger\msgrapp.8.1.0178.00.dll[Reg Error: Value does not exist or could not be read.] -> File not found
mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Program\Common Files\microsoft shared\Web Components\10\OWC10.DLL[Data Page Pluggable Protocol mso-offdap Handler] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{474F00F5-3853-492C-AC3A-476512BBC336}[HKEY_LOCAL_MACHINE] -> http://picasaweb.google.se/s/v/19.11/uploader2.cab[UploadListView Class] ->
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab[Facebook Photo Uploader 4 Control] ->
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\LegacyImpersonationLevel -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{C73106E0-AC80-11D1-8DF3-00C04FB6EF4F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{835BEE60-8731-4159-8BFF-941301D76D05} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{D9F260BC-EE6A-4c66-A5C3-30B2ECF4C368} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{91BC037F-B58C-43cb-AD9C-1718ACA70E2F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{9da0e0ea-86ce-11d1-8699-00c04fb98036} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{CA6C8347-120F-4122-873F-F89138694AC8} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{E8494122-79AD-11D2-909C-00A0C9AFE0AA} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A373F3DA-7A87-11D3-B1C1-00C04F68155C} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{C7310557-AC80-11D1-8DF3-00C04FB6EF4F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\\SuppressDuplicateDuration -> 86400 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ($build.emp [($build.empty)] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\cval -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\AntiSpywareOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-89257779-2698489413-2941568155-1000\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-89257779-2698489413-2941568155-1000\\EnableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-89257779-2698489413-2941568155-1000\\EnableNotificationsRef -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbasedirectories -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LimitBlankPasswordUse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LmCompatibilityLevel -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\NoLmHash -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\System32\scecli.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 176640 bytes | Modified Date = 2006-11-02 10:46:12 | Attr = ]
*MultiFile Done* -> ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\System32\kerberos.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 493056 bytes | Modified Date = 2006-11-02 10:46:05 | Attr = ]
msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 213504 bytes | Modified Date = 2006-11-02 10:46:10 | Attr = ]
schannel -> %SystemRoot%\System32\schannel.dll -> Microsoft Corporation [Ver = 6.0.6000.16508 (vista_gdr.070618-1500) | Size = 269824 bytes | Modified Date = 2007-08-30 18:26:31 | Attr = ]
wdigest -> %SystemRoot%\System32\wdigest.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 168448 bytes | Modified Date = 2006-11-02 10:46:13 | Attr = ]
tspkg -> %SystemRoot%\System32\TSpkg.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 61440 bytes | Modified Date = 2006-11-02 10:46:13 | Attr = ]
*MultiFile Done* -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 213504 bytes | Modified Date = 2006-11-02 10:46:10 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 804 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ProductType -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\Windows\System32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 120832 bytes | Modified Date = 2006-11-02 10:46:12 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\AuditPolicy\ -> ->
-> Reg Error: Key does not exist or could not be opened. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
-> Reg Error: Key does not exist or could not be opened. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\\DebugLogLevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\\Enabled -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\HostToRealm\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> IISSUBA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\NtlmMinClientSec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\NtlmMinServerSec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> @%SystemRoot%\system32\ipnathlp.dll,-106 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\Windows\System32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 22016 bytes | Modified Date = 2006-11-02 10:45:47 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> @%SystemRoot%\system32\ipnathlp.dll,-107 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt;RasMan;BFE; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ServiceSidType -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\RequiredPrivileges -> SeChangeNotifyPrivilege;SeCreateGlobalPrivilege;SeImpersonatePrivilege;SeLoadDri
verPrivilege;SeTakeOwnershipPrivilege; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\FailureActions -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\IPSecExempt -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\DisableStatefulFTP -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\DisableStatefulPPTP -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\PolicyVersion -> 512 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging\\LogFileSize -> 4096 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging\\LogFilePath -> C:\Windows\system32\LogFiles\Firewall\pfirewall.log [%systemroot%\system32\LogFiles\Firewall\pfirewall.log] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-PLASrv-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\plasrv.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Pub
lic|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\plasrv.exe|
[email protected],-10000|
[email protected],-10001|
[email protected],-10005|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-DCOM-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|
LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Pub
lic|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=rpcss|
[email protected],-10002|
[email protected],-10003|
[email protected],-10005|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-PLASrv-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\plasrv.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\plasrv.exe|
[email protected],-10000|
[email protected],-10001|
[email protected],-10005|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-DCOM-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|Ap
p=%systemroot%\system32\svchost.exe|Svc=rpcss|
[email protected],-10002|
[email protected],-10003|
[email protected],-10005|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\SNMPTRAP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|LPort=162|App=%SystemRoot%\system32\snmptrap.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Pri
vate|Profile=Public|LPort=162|App=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|
[email protected],-7|
[email protected],-8|
[email protected],-3|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\SNMPTRAP-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=162|App=%SystemRoot%\system32\snmptrap.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=162|A
pp=%SystemRoot%\system32\snmptrap.exe|Svc=SNMPTRAP|
[email protected],-7|
[email protected],-8|
[email protected],-3|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private
|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Pri
vate|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|
[email protected],-31003|
[email protected],-31006|
[email protected],-31002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Privat
e|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Pr
ivate|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|
[email protected],-31007|
[email protected],-31010|
[email protected],-31002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private
|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Pri
vate|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|
[email protected],-31011|
[email protected],-31014|
[email protected],-31002|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|
App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|
[email protected],-31253|
[email protected],-31256|
[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App
=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177
|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|
[email protected],-31257|
[email protected],-31260|
[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|A
pp=%SystemRoot%\system32\svchost.exe|Svc=Qwave|
[email protected],-31261|
[email protected],-31264|
[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|
App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|
[email protected],-31265|
[email protected],-31268|
[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-In-TCP-NoScope -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|
App=System|
[email protected],-31285|
[email protected],-31288|
[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-Out-TCP-NoScope -> v2.0|A [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=10243
|App=System|
[email protected],-31289|
[email protected],-31292|
[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-WMP-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|
[email protected],-31293|
[email protected],-31296|
[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|
[email protected],-31297|
[email protected],-31300|
[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-WMP-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|
[email protected],-31301|
[email protected],-31304|
[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|
[email protected],-31305|
[email protected],-31308|
[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|
[email protected],-31309|
[email protected],-31312|
[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe [v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|
[email protected],-31313|
[email protected],-31316|
[email protected],-31252|Edge=FALSE|] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe [v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|
[email protected],-3131